298 matches found
OS X 10.10 Bluetooth DispatchHCICreateConnection - Crash PoC
Exploit for macOS platform in category dos / poc / crash-issue1.c: Written for Mac OS X Yosemite 10.10 by @rpaleari and @joystick. Exploits a missing check in IOBluetoothHCIUserClient::DispatchHCICreateConnection causing a panic. gcc -Wall -o crash-issue1{,.c} -framework IOKit / include include...
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
/ crash-issue2.c: Written for Mac OS X Yosemite 10.10 by @rpaleari and @joystick. Triggers a panic overwriting a stack_canary. gcc -Wall -o crash-issue2{,.c} -framework IOKit / include include include include include include struct BluetoothCall { uint64_t args[7]; uint64_t sizes[7]; uint64_t index; }; int...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...
Apple Mac OSX - IOKit Keyboard Driver Privilege Escalation (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation Exploit
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue has be...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was...
Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation
No description provided by source. / pwn.c, by @rpaleari and @joystick This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL. Tested on Mac OS X Mavericks 10.9.4/10.9.5. Compile with: gcc -Wall -o pwn{,.c} -framework IOKit / include stdio.h include string.h include...
Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation Exploit
Exploit for iOS platform in category dos / poc / pwn.c, by @rpaleari and @joystick This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL. Tested on Mac OS X Mavericks 10.9.4/10.9.5. Compile with: gcc -Wall -o pwn{,.c} -framework IOKit / include include include include...
Apple Mac OSX (Mavericks) - 'IOBluetoothHCIUserClient' Privilege Escalation
/ pwn.c, by @rpaleari and @joystick This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL. Tested on Mac OS X Mavericks 10.9.4/10.9.5. Compile with: gcc -Wall -o pwn{,.c} -framework IOKit / include include include include include uint64_t payload / Your payload goes...
Apple Mac OSX (Mavericks) - IOBluetoothHCIUserClient Privilege Escalation
Apple Mac OSX Mavericks - IOBluetoothHCIUserClient Privilege Escalation / pwn.c, by @rpaleari and @joystick This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL. Tested on Mac OS X Mavericks 10.9.4/10.9.5. Compile with: gcc -Wall -o pwn{,.c} -framework IOKit / includ...
Mac OS X < 10.10 Multiple Vulnerabilities (APPLE-SA-2014-10-16-1 OS X Yosemite v10.10)
Binary data 8555.prm...
Mac OS X < 10.10 Multiple Vulnerabilities (POODLE) (Shellshock)
The remote host is running a version of Mac OS X that is prior to version 10.10. This update contains several security-related fixes for the following components: - 802.1X - AFP File Server - apache - App Sandbox - Bash - Bluetooth - Certificate Trust Policy - CFPreferences - CoreStorage - CUPS - Doc...
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004
APPLE-SA-2014-09-17-3 OS X Mavericks 10.9.5 and Security Update 2014-004 OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address the following: apache_mod_php Available for: OS X Mavericks 10.9 to 10.9.4 Impact: Multiple...
CVE-2014-4376
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments...
Null pointer dereference
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments...
CVE-2014-4376
CVE-2014-4376 affects Apple OS X, specifically IOKit in IOAcceleratorFamily prior to OS X 10.9.5. The issue is a kernel NULL pointer dereference that can allow an attacker to execute arbitrary code in a privileged context or cause a denial of service by passing crafted API arguments to IOKit/IOAc...
CVE-2014-4376
IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments...
CVE-2014-4418
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than...
CVE-2014-4407
IOKit in Apple iOS before 8 and Apple TV before 7 does not properly initialize kernel memory, which allows attackers to obtain sensitive memory-content information via an application that makes crafted IOKit function calls...
CVE-2014-4389
Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted API arguments...