Saturday, February 11, 2012

CVE-2012-0065 and usbmuxd

While I have been involved in the triaging/patch creation for most CVE's(for Maverick) discussed here, this is one that I picked up because of sheer curiosity. I was not involved in triaging or bugfixing it. The fix was provided by Leo Iannacone.

Lets start off here; we can notice that versions after Maverick are affected. There is not much to explore as most of it has been discussed on various mailing lists and forums already; it seems like a case of a straightforward heap overflow to me.

Check out the diff here if you are curious.

No comments:

Post a Comment