Buffer Overflow Vulnerability in Little Snitch Versions 3.0 through 3.6.1 Allows for Local Privilege Escalation and Unauthorized Ring0 Access

Buffer Overflow Vulnerability in Little Snitch Versions 3.0 through 3.6.1 Allows for Local Privilege Escalation and Unauthorized Ring0 Access

CVE-2016-8661 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow vulnerability that could be locally exploited which could lead to an escalation of privileges (EoP) and unauthorised ring0 access to the operating system. The buffer overflow is related to insufficient checking of parameters to the "OSMalloc" and "copyin" kernel API calls.

Learn more about our Api Penetration Testing.