Vigil@nce - Cisco AnyConnect Secure Mobility Client: denial of service via Mac OS X
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can stop the Mac OS X kernel via Cisco AnyConnect
Secure Mobility Client, in order to trigger a denial of service.
Impacted products: Cisco AnyConnect Secure Mobility Client,
AnyConnect VPN Client.
Severity: 1/4.
Creation date: 30/07/2015.
DESCRIPTION OF THE VULNERABILITY
The Cisco AnyConnect Secure Mobility Client product can be
installed on Mac OS X.
However, a local attacker can manipulate the memory, to trigger a
fatal error in the Mac OS X kernel.
A local attacker can therefore stop the Mac OS X kernel via Cisco
AnyConnect Secure Mobility Client, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN