vendor:
AppleKeyStore
by:
ianbeer
7.5
CVSS
HIGH
Use-after-free
416
CWE
Product Name: AppleKeyStore
Affected Version From: OS X 10.11.3 El Capitan 15D21
Affected Version To: Not specified
Patch Exists: NO
Related CWE: Not specified
CPE: Not specified
Platforms Tested: OS X 10.11.3 El Capitan 15D21 on MacBookAir5,2
Not specified
OS X Kernel use-after-free in AppleKeyStore
The AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods. However, by racing two threads, one of which closes the userclient (which frees the IOCommandGate) and one of which tries to make an external method call, we can cause a use-after-free of the IOCommandGate.
Mitigation:
Unknown