CVE-2009-1235

N/A Unknown

Published: April 02, 2009 Modified: April 23, 2026

Description

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

Source: cve@mitre.org

http://secunia.com/advisories/34424

Source: cve@mitre.org

http://secunia.com/advisories/36096

Source: cve@mitre.org

http://support.apple.com/kb/HT3757

Source: cve@mitre.org

http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c

Source: cve@mitre.org

Exploit

http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh

Source: cve@mitre.org

Exploit

http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181

Source: cve@mitre.org

http://www.securityfocus.com/bid/34203

Source: cve@mitre.org

Exploit

http://www.securitytracker.com/id?1022671

Source: cve@mitre.org

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2009/0822

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2009/2172

Source: cve@mitre.org

https://www.exploit-db.com/exploits/8266

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34424

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36096

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT3757

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.c

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.digit-labs.org/files/exploits/xnu-hfs-fcntl-v2.sh

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=216401181

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34203

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securitytracker.com/id?1022671

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/0822

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/2172

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/8266

Source: af854a3a-2127-422b-91ae-364da2661108

26 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.2%

42th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

apple

Related CVEs

CVE-2026-7000 2.4

CVE-2026-6999 2.4

CVE-2026-6998 2.4

CVE-2026-6997 2.4

CVE-2026-6996 2.4