CVE-2015-7110
Apple macOS X < 10.11.2 and iPhone OS < 9.1 - Memory Corruption in Disk Images
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-7110. PoCs published by Google Security Research.
AI-analyzed exploit summary: This PoC exploits a race condition in the IOHDIXControllerUserClient::clientClose method on OS X 10.11.1, leading to a use-after-free or double-free vulnerability due to lack of locking. The code spawns two threads to trigger the race condition by closing the IOKit connection simultaneously.
Description
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.