CVE-2017-2509

MEDIUM

macOS < 10.12.5 - Kernel Memory Read Restriction Bypass via Crafted App

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2509. PoCs published by Google Security Research.

AI-analyzed exploit summary The exploit leverages a kernel register leak in macOS XNU kernel (CVE-2017-2509) by switching between 32-bit and 64-bit modes to dump kernel register contents (r8-r15). It demonstrates an information leak vulnerability in the kernel's syscall return path.

Description

An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Google Security Research · textdosmacos
https://www.exploit-db.com/exploits/42046

The exploit leverages a kernel register leak in macOS XNU kernel (CVE-2017-2509) by switching between 32-bit and 64-bit modes to dump kernel register contents (r8-r15). It demonstrates an information leak vulnerability in the kernel's syscall return path.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: macOS XNU kernel (15.6.0, xnu-3248.60.11.2.1~1)
No auth needed
Prerequisites: 32-bit binary execution support in macOS kernel · ability to compile and run the PoC
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42046/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038484
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT207797

Scores

CVSS v3 5.5
EPSS 0.0232
EPSS Percentile 81.2%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Status published
Products (1)
apple/mac_os_x < 10.12.4
Published May 22, 2017
Tracked Since Feb 18, 2026