Interesting Integer overflow in enum comparison IOHIDDevice::handleReportWithTime
By flanker from KeenLab.
There exists a signed integer comparison overflow in IOHIDDevice::_getReport and then handleReportWithTime, which can lead to oob access/execute in handleReportWithTime. A normal process can leverage this vulnerability to archive potential code execution in kernel and escalate privilege.