CVE-2016-1735

Vulnerability

A memory corruption vulnerability exists in the Bluetooth subsystem of Apple OS X versions prior to 10.11.4. The flaw is triggered when processing a crafted application that interacts with the Bluetooth stack. Affected versions include OS X El Capitan v10.11 to v10.11.3, as well as OS X Mavericks v10.9.5 and OS X Yosemite v10.10.5 (though the latter two are not explicitly listed for this CVE in the reference, the advisory covers them for other issues; however, the official description states OS X before 10.11.4). The vulnerability is distinct from CVE-2016-1736.

Exploitation

An attacker must convince a user to run a specially crafted application on an affected system. No additional authentication or network access is required beyond the ability to execute the malicious app. The crafted app triggers the memory corruption by sending malformed data to the Bluetooth driver, leading to a kernel-level crash or code execution.

Impact

Successful exploitation allows an attacker to execute arbitrary code with kernel privileges, resulting in full system compromise. Alternatively, the attacker could cause a denial of service through memory corruption. The impact is high due to the privileged context achieved.

Mitigation

Apple addressed this vulnerability in OS X El Capitan v10.11.4, released on March 21, 2016 [1]. Users should update to this version or later. No workarounds are documented. Systems running older versions remain vulnerable.