Subscribe via feed.

OS X Coreaudiod Calls Uninitialized Function Pointer

Posted by deepcore on January 28, 2016 – 2:34 am

com.apple.audio.coreaudiod is reachable from various sandboxes including the Safari renderer. coreaudiod is sandboxed and runs as its own user, nevertheless it has access to various other interesting attack surfaces which safari doesn’t, allowing this bug to potentially form part of a full sandbox escape chain.

Tags: , ,
This post is under “Apple” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.