#VU6710 Privilege escalation in macOS - CVE-2017-6978
Published: May 25, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU6710
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-6978
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
macOS
Software vendor:
Apple Inc.
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to a lack of bounds checking in the HIServices custom CFObject serialization. A local attacker can run a specially crafted application, trigger memory corruption in the Accessibility Framework, and gain system privileges.
Successful exploitation of the vulnerability results in privilege escalation.
Remediation
Update to version 10.12.5.