|Product||Apple macOS 10.13.1|
A NULL pointer dereference issue was identified within the ‘com.apple.AVEBridge’ IOKit kernel extension driver.
On systems without SMAP/SMEP it is expected this could be used to achieve kernel code execution. However, on modern systems with these protections, this issue is limited to a denial of service.
The com_apple_AVEBridge::submitData function was found to perform insufficient input validation.
Users should apply the released security update from Apple (https://support.apple.com/en-gb/HT208331).
Please refer to the attached advisory.
|2017-09-25||Issue reported to vendor|
|2017-12-06||Vendor issues patch|
|2018-01-19||MWR Labs releases advisory