CVE-2009-1237

macOS < 10.5.6 - Denial of Service via SYS_add_profil or SYS___mac_getfsstat System Calls

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1237. PoCs published by mu-b.

AI-analyzed exploit summary This exploit leverages a vulnerability in the `profil` system call in Apple MACOS X xnu kernels to trigger a kernel memory leak and potential denial-of-service (DoS). It repeatedly calls `add_profil` to fill kernel memory, demonstrating the flaw.

Description

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mu-b · cdososx
https://www.exploit-db.com/exploits/8264

This exploit leverages a vulnerability in the `profil` system call in Apple MACOS X xnu kernels to trigger a kernel memory leak and potential denial-of-service (DoS). It repeatedly calls `add_profil` to fill kernel memory, demonstrating the flaw.

Classification
Working Poc 95%
Attack Type
Dos | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apple MACOS X xnu <= 1228.3.13
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mu-b · cdososx
https://www.exploit-db.com/exploits/8263

This exploit targets a kernel memory leak vulnerability in Apple MACOS X xnu versions up to 1228.3.13. It uses the `__mac_getfsstat` syscall to leak kernel memory by providing invalid buffer pointers and large buffer sizes.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apple MACOS X xnu <= 1228.3.13
No auth needed
Prerequisites: Local access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8264
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34202
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8263
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34424

Scores

EPSS 0.0091
EPSS Percentile 55.2%

Details

CWE
CWE-399
Status published
Products (47)
apple/mac_os_x 10.0
apple/mac_os_x 10.0.0
apple/mac_os_x 10.0.1
apple/mac_os_x 10.0.2
apple/mac_os_x 10.0.3
apple/mac_os_x 10.0.4
apple/mac_os_x 10.1
apple/mac_os_x 10.1.0
apple/mac_os_x 10.1.1
apple/mac_os_x 10.1.2
... and 37 more
Published Apr 02, 2009
Tracked Since Feb 18, 2026