
WooYun-2014-00049

: Mac OS X & iOS Kernel Module Uninitialization

Apple Inc

fuck360

: 2014-01-03 23:55

: 2014-02-17 23:56

: Uninitialized object

: medium

: 5

: unable to contact the vendor or actively neglected by the vendor

http://www.wooyun.org

: N/A



Details

Disclosure time-line:

2014-01-03: Contacting and waiting for the vendor to claim, details not opened to the public
2014-02-17: Vendor has neglected the vulnerability, details opened to the public

Abstract:

The IOReportHub kernel module in Apple’s operating systems has an uninitialized-object vulnerability that crashes the kernel.

Details:

The problem is in the third function, the one that handles “GetValues”.

__ZN18IOReportUserClient10_getValuesEy:        // IOReportUserClient::_getValues(unsigned long long)
0000000000001f7c 55 push rbp ; XREF=0x17f7
0000000000001f7d 4889E5 mov rbp, rsp
0000000000001f80 4157 push r15
0000000000001f82 4156 push r14
0000000000001f84 4154 push r12
0000000000001f86 53 push rbx
0000000000001f87 4989F6 mov r14, rsi
0000000000001f8a 4989FC mov r12, rdi
0000000000001f8d 498BBC24F0000000 mov rdi, qword [ds:r12+0xf0]
0000000000001f95 E800000000 call 0x1f9a
0000000000001f9a 498BBC2400010000 mov rdi, qword [ds:r12+0x100] ; XREF=0x1f95
0000000000001fa2 488B07 mov rax, qword [ds:rdi] // rdi holds a “0” (null) object pointer here
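
The pattern in the listing, as an added user-space C++ model (not code from the original report or from the IOReportHub source): a handler that loads an object pointer from a member and calls through it unchecked, behind a dispatcher that refuses any selector whose handler needs that object while it is unset. The `Hub` class, the open/close/getValues selector order and the status names are assumptions made for illustration.

```cpp
// User-space model, added for illustration; not IOReportHub source code.
#include <cstdint>
#include <cstdio>

enum Status { kOk, kBadSelector, kBadArgument, kNotReady };  // stand-ins for IOReturn codes

struct Hub {  // hypothetical object reached through the user client
    virtual ~Hub() = default;
    virtual uint64_t read(uint64_t channel) { return channel + 1000; }
};

struct UserClient {
    Hub *hub = nullptr;  // plays the role of the member loaded from [r12+0x100]
    Status open(uint64_t, uint64_t *) { static Hub h; hub = &h; return kOk; }
    Status close(uint64_t, uint64_t *) { hub = nullptr; return kOk; }
    // Same shape as the listing: load the member and call through its vtable
    // with no check, so it faults if reached while hub is still null.
    Status getValues(uint64_t ch, uint64_t *out) { *out = hub->read(ch); return kOk; }
};

struct Method {
    Status (UserClient::*fn)(uint64_t, uint64_t *);
    bool needsHub;  // true when the handler dereferences hub
};

// Assumed selector order: 0 = open, 1 = close, 2 = getValues.
static const Method kMethods[] = {
    {&UserClient::open, false},
    {&UserClient::close, false},
    {&UserClient::getValues, true},
};

// Hardened dispatch: check selector, output buffer and object state before
// any handler runs, so an unset hub yields an error instead of a fault.
Status dispatch(UserClient &uc, uint32_t selector, uint64_t arg, uint64_t *out) {
    if (selector >= sizeof(kMethods) / sizeof(kMethods[0])) return kBadSelector;
    if (out == nullptr) return kBadArgument;
    const Method &m = kMethods[selector];
    if (m.needsHub && uc.hub == nullptr) return kNotReady;
    return (uc.*m.fn)(arg, out);
}

int main() {
    UserClient uc; uint64_t v = 0;
    Status before = dispatch(uc, 2, 7, &v);  // kNotReady: hub not set yet
    dispatch(uc, 0, 0, &v);                  // open
    Status after = dispatch(uc, 2, 7, &v);   // kOk, v == 1007
    std::printf("before=%d after=%d value=%llu\n", before, after, (unsigned long long)v);
}
```

The gate also covers the state after `close`, where the member is null again.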

Proofs of concept:

reporthub_crash.png



Solutions:

Copyright: Please credit the source when reposting: fuck360@Wooyun


Response

Vendor comments:

Hazard rating: no response yet

Vulnerability Rank: 0

Date confirmed: 2014-01-03 23:55

Vendor response:

Latest status:

N/A

