Software Integrity

 

Synopsys finds bluetooth memory vulnerability in MacOS/OS X

On Tuesday, researchers at Synopsys were credited in an Apple Update with finding a Bluetooth vulnerability in its operating system.

The Cupertino-based computer company disclosed a memory corruption issue as one of three affecting its Bluetooth stack. The effect of this specific unpatched vulnerability is that an application may be able to execute arbitrary code with kernel privileges. Apple said it mitigated this issue through improved memory handling.

Affected OS versions include macOS Sierra 10.12.1, OS X El Capitan v10.11.6, and OS X Yosemite v10.10.5

The MITRE organization reserved CVE-2016-7596 for this vulnerability with a creation date of September 9, 2016.

From the Synopsys Software Integrity Group, Apple acknowledged the contributions of Pekka Oikarainen, Matias Karhumaa, and Marko Laakso.