4 matches found
MacOS Kernel 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement Exploit
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=977 syslogd running as root hosts the com.apple.system.logger mach service. It's part of the system.sb sandbox profile and so reachable from a lot of sandboxed contexts. Here's ...
Apple macOS 10.12.1 iOS 10.2 - powerd Arbitrary Port Replacement
Apple macOS 10.12.1 iOS 10.2 - powerd Arbitrary Port Replacement / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=976 powerd running as root hosts the com.apple.PowerManagement.control mach service. It checks in with launchd to get a server port and then wraps that in a CFPort:...
Apple macOS 10.12.1 / iOS < 10.2 - syslogd Arbitrary Port Replacement
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=977 syslogd running as root hosts the com.apple.system.logger mach service. It's part of the system.sb sandbox profile and so reachable from a lot of sandboxed contexts. Here's a snippet from its mach message handling loop...
Apple macOS 10.12.1 / iOS < 10.2 - powerd Arbitrary Port Replacement
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=976 powerd running as root hosts the com.apple.PowerManagement.control mach service. It checks in with launchd to get a server port and then wraps that in a CFPort: pmServerMachPort = SCCFMachPortCreateWithPort "PowerManagement",...