EUVD-2016-2813

Malware in sbrugna...

Apple macOS 10.12 - task_t Local Privilege Escalation

Apple macOS 10.12 - taskt Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very...

Apple Mac OSX - Kernel Use-After-Free Due to Bad Locking in IOAcceleratorFamily2

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=772 In IOAccelContext2::clientMemoryForType the lockbusy/unlockbusy should be extended to cover all the code setting up shared memory type 2. At the moment the lock doesn't protect...

Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2

Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=772 In IOAccelContext2::clientMemoryForType the lockbusy/unlockbusy should be extended to cover all the code setting up shared memory type 2. At the...

Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=772 In IOAccelContext2::clientMemoryForType the lockbusy/unlockbusy should be extended to cover all the code setting up shared memory type 2. At the moment the lock doesn't protect two threads racing where one reaches the release...

Apple OS X IOAcceleratorFamily2 Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

CVE-2016-1718

The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service memory corruption via unspecified vectors...

Memory corruption

The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS X before 10.11.3 allows local users to gain privileges or cause a denial of service memory corruption via unspecified vectors...

CVE-2016-1718

CVE-2016-1718 affects Apple OS X El Capitan prior to 10.11.3. The IOAcceleratorFamily2 interface in IOAcceleratorFamily allows local users to gain kernel privileges or cause a memory corruption (denial of service) via an unspecified vector. Public sources describe a memory corruption in the IOAcc...

Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient Exploitable NULL Der

Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=512 IOUserClient::connectClient is an obscure IOKit method which according to the docs is supposed to "Inform a connection of a second connection." In fact IOKit provides...

Apple Mac OSX - OSMetaClassBase::safeMetaCast in IOAccelContext2::connectClient NULL Dereference

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=512 IOUserClient::connectClient is an obscure IOKit method which according to the docs is supposed to "Inform a connection of a second connection." In fact IOKit provides no default implementation and only a handful of...

Apple OS X IOAcceleratorFamily2 Out-Of-Bounds Indexing Privilege Escalation Vulnerability

This vulnerability allows local attackers to elevate privileges on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOAcceleratorFamily2 interface. The issue lies i...