mDNSResponder provides unicast and multicast mDNS services on UNIX-like operating systems such as OS X. mDNSResponder versions 379.27 and later, prior to version 625.41.2, are vulnerable to several buffer overflows as well as a null pointer dereference.
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - CVE-2015-7987
Improper bounds checking in "GetValueForIPv4Addr()", "GetValueForMACAddr()", "rfc3110_import()", and "CopyNSEC3ResourceRecord()" functions may allow an attacker to read or write memory.
A remote attacker may be able to execute arbitrary code or cause a denial of service on the system running mDNSResponder.
Apply an update
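To find hosts that still need the update, the following added example (not code from CERT/CC or Apple) classifies mDNSResponder version strings against the affected range stated in this note. The inventory format, the host names, and the optional `mDNSResponder-` prefix are assumptions, and the sample versions are constructed.

```python
import re

AFFECTED_FROM = (379, 27)     # first affected version (inclusive), from this note
FIXED_IN = (625, 41, 2)       # first fixed version (exclusive), from this note

def parse_version(text):
    """Parse '625.41.2' or 'mDNSResponder-625.41.2' into a tuple of ints."""
    m = re.fullmatch(r"(?:mDNSResponder-)?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def _pad(version, width):
    # Treat missing trailing components as zero so 379.27 == 379.27.0.
    return version + (0,) * (width - len(version))

def is_affected(text):
    """True if the version lies in [379.27, 625.41.2)."""
    v = parse_version(text)
    width = max(len(v), len(AFFECTED_FROM), len(FIXED_IN))
    return _pad(AFFECTED_FROM, width) <= _pad(v, width) < _pad(FIXED_IN, width)

def triage(inventory):
    """Map each host to 'affected', 'not affected' or 'unknown'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            # Unparseable entries need manual review, not a silent pass.
            result[host] = "unknown"
    return result

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "host-a": "379.27",                  # lower bound, inclusive
    "host-b": "379.3",                   # 3 < 27 numerically: below the range
    "host-c": "mDNSResponder-625.41",    # just below the fixed release
    "host-d": "625.41.2",                # fixed release
    "host-e": "n/a",                     # missing data
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Components are compared as integers, so `379.3` sorts below `379.27`; a plain string comparison would get that case wrong.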
Thanks to Apple for reporting this issue to us and working with us to coordinate the fix with vendors.
This document was written by Garret Wassermann.