CVE-2016-1755

HIGH

Apple iOS <9.3 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1755. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a use-after-free vulnerability in the AppleKeyStore userclient on OS X 10.11.3 by racing two threads: one closing the userclient and another making an external method call, leading to a kernel crash or potential privilege escalation.

Description

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdososx

https://www.exploit-db.com/exploits/39614

View Code ZIP pw:eip

This exploit demonstrates a use-after-free vulnerability in the AppleKeyStore userclient on OS X 10.11.3 by racing two threads: one closing the userclient and another making an external method call, leading to a kernel crash or potential privilege escalation.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: AppleKeyStore on OS X 10.11.3 El Capitan

No auth needed

Prerequisites: Access to a vulnerable macOS system (10.11.3)

MITRE ATT&CK