Interesting integer overflow in enum comparison in IOHIDDevice::handleReportWithTime
By flanker from KeenLab.
There is a signed integer comparison overflow in IOHIDDevice::_getReport and then handleReportWithTime, which can lead to out-of-bounds (OOB) access/execute in handleReportWithTime. A normal process can leverage this vulnerability to achieve potential code execution in the kernel and escalate privilege.
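The bug class described above, as an added example that is not the IOHIDFamily source and not code from the original post: an upper-bound-only check on a signed value accepts negative inputs, shown beside a hardened check. All names here (`report_type`, `type_ok_signed`, `type_ok_hardened`, `report_name`) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical report types; the last enumerator doubles as the table size. */
enum report_type { REPORT_INPUT, REPORT_OUTPUT, REPORT_FEATURE, REPORT_TYPE_COUNT };

/* Per-type table that a handler would index with the caller-supplied type. */
static const char *const report_names[REPORT_TYPE_COUNT] = {
    "input", "output", "feature"
};

/* Weak check: enumeration constants have type int in C, so this is a signed
 * comparison. A negative type is "less than the count" and is accepted. */
bool type_ok_signed(int32_t type)
{
    return !(type >= REPORT_TYPE_COUNT);
}

/* Hardened check: compare as unsigned, so a negative value becomes a very
 * large one and fails the same single upper-bound test. */
bool type_ok_hardened(int32_t type)
{
    return (uint32_t)type < (uint32_t)REPORT_TYPE_COUNT;
}

/* Table lookup that indexes only after the hardened check; NULL if rejected. */
const char *report_name(int32_t type)
{
    if (!type_ok_hardened(type))
        return NULL;
    return report_names[type];
}

int main(void)
{
    /* Constructed sample inputs: valid, too large, and negative. */
    const int32_t samples[] = { 0, 2, 3, -1, INT32_MIN };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *name = report_name(samples[i]);
        printf("type=%d signed_check=%d hardened_check=%d name=%s\n",
               (int)samples[i], type_ok_signed(samples[i]),
               type_ok_hardened(samples[i]), name ? name : "(rejected)");
    }
    return 0;
}
```

Any array or table lookup that trusts the weak check ends up indexing before the start of the table when the value is negative, which is the out-of-bounds condition this class of bug produces.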