CVE-2016-1821

HIGH

macOS < 10.11.5 - Remote Code Execution or Denial of Service via Crafted App

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1821. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a NULL pointer dereference in IOAudioEngineUserClient on macOS, allowing RIP control via a race condition between thread operations and IOServiceClose. It maps the NULL page as read-write to facilitate the attack.

Description

IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdososx

https://www.exploit-db.com/exploits/39926

View Code ZIP pw:eip

This exploit leverages a NULL pointer dereference in IOAudioEngineUserClient on macOS, allowing RIP control via a race condition between thread operations and IOServiceClose. It maps the NULL page as read-write to facilitate the attack.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: macOS (tested on OS X 10.11.4)

No auth needed

Prerequisites: macOS with vulnerable IOAudioEngineUserClient · ability to execute arbitrary code on the target system

MITRE ATT&CK