Privilege escalation in macOS - CVE-2017-6978
Published: May 25, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6710
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-6978
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Apple Inc.
Affected software:
macOS
macOS
Detailed vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to lack of bounds checking in HIServices custom CFObject serialization. A local attacker can run a specially crafted application, trigger memory corruption in the Accessibility Framework and gain system privileges.
Successful exploitation of the vulnerability results in privilege escalation.
The weakness exists due to lack of bounds checking in HIServices custom CFObject serialization. A local attacker can run a specially crafted application, trigger memory corruption in the Accessibility Framework and gain system privileges.
Successful exploitation of the vulnerability results in privilege escalation.
How to mitigate CVE-2017-6978
Update to version 10.12.5.