The arbitrary code execution (ACE) is on your wrist CVE-2019-8718

Preface: XNU is an operating system kernel developed by Apple Computer for the macOS operating system. It is part of the Darwin operating system. XNU is a hybrid kernel combining the Mach kernel .

Background: IOKit – Gain user-space access to hardware devices and drivers. The IOKit object representing a hub device on the USB bus. It is a subclass of IOUSBDevice. A vulnerable implementation of IOInterruptEventSource on a workloop exists in IOUSBDeviceFamily.

Impact: Attacker can sending an USB control message to a target device exploit the vulnerability which lets the application to execute arbitrary code with kernel privileges.

Current Status:
– Entry added October 29, 2019
– Proof of concept release on 11th Nov 2019