A use-after-free vulnerability in the X.509 certificate validation functionality of Apple macOS and iOS has been identified which could lead to arbitrary code execution. Older versions of MacOS Sierra 10.12.3 and iOS 10.2.1 are likely affected. A specially crafted malicious certificate could trigger this vulnerability and potentially result in remote code execution on the affected system. Talos has developed the following Snort rules to detect attempts to exploit this vulnerability. For the most current information, please visit your FireSIGHT Management Center or Snort.org.”]
Source: https://blog.talosintelligence.com/2017/03/apple-x509.html