CVE-2016-1791

Vulnerability

The vulnerability resides in the AMD subsystem of Apple OS X. It allows a crafted application to obtain sensitive kernel memory-layout information. Affected versions include OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11 and earlier. The issue is a missing bounds check that leads to disclosure of kernel memory content [1].

Exploitation

An attacker must have the ability to run a crafted application on the target system. No additional privileges or user interaction beyond launching the app are required. The app exploits the bounds checking flaw in the AMD subsystem to read kernel memory layout information [1].

Impact

Successful exploitation allows the attacker to determine the kernel memory layout, which is sensitive information that could aid in further attacks. The impact is limited to information disclosure; no code execution or privilege escalation is directly achieved [1].

Mitigation

Apple addressed this issue in OS X El Capitan v10.11.5 and Security Update 2016-003, released on May 18, 2016. Users should update to the latest version. No workarounds are documented [1].