A now-patched security flaw in Apple macOS could have allowed attackers to execute arbitrary code, leading to a compromise, according to Trend Micro Zero Day Initiative (ZDI).
Researchers helped to discover and patch an out-of-bounds write vulnerability in macOS that could lead to serious consequences if successfully exploited by attackers.
The flaw affected the Scriptable Image Processing System (sips), a terminal utility included in macOS that allows a user to verify, edit, and print out information about ICC Profile files and images. The lack of proper validation caused the vulnerability.
ICC (International Color Consortium) is used to manage colors on screens and printers.
“A remote attacker could exploit this vulnerability by enticing a victim to open a crafted file. A successful attack may result in code execution on the victim's machine in the context of the running process,” the report explains.
The researchers detailed how an attacker, by crafting a special ICC Profile with manipulated “lutAToBType” or “lutBToAType” sections, could overrun a memory buffer by up to 16 bytes.
Apple patched this vulnerability in October 2024. The tech giant acknowledged that “processing a maliciously crafted file may lead to unexpected app termination.” The fix improved bounds checking.
“To date, no attacks have been detected in the wild. Apple does not provide any mitigations for this bug, so it is recommended to apply the vendor patch to completely address this issue,” the ZDI said in the report.
In January, Microsoft disclosed another flaw that allowed attackers to bypass Apple’s SIP in macOS by loading third-party kernel extensions. Apple fixed the vulnerability in December 2024.
Your email address will not be published. Required fields are markedmarked