Advisory Details

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

The specific flaw exists within the speechsynthesisd service. The issue results from the lack of proper validation of a library prior to loading it. An attacker can leverage this vulnerability to escalate privileges under the context of the current service.

• 2017-03-15 - Vulnerability reported to vendor
• 2017-05-15 - Coordinated public release of advisory