Apple macOS 10.12 - 'task_t' Local Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=837 TL;DR you cannot hold or use a task struct pointer and expect the euid of that task to stay the same. Many many places in the kernel do this and there are a great many very exploitable bugs as a result. task_t is just a typedef...
Mach Race OSX - Privilege Escalation
Exploit for macOS platform in category local exploits Source: https://github.com/gdbinit/machrace Mach Race OS X Local Privilege Escalation Exploit (c) fG! 2015, 2016 - https://reverse.put.as A SUID, SIP, and binary entitlements universal OS X exploit CVE-2016-1757. Usage against a...
Mach Race OSX - Local Privilege Escalation
Source: https://github.com/gdbinit/machrace Mach Race OS X Local Privilege Escalation Exploit (c) fG! 2015, 2016 - https://reverse.put.as A SUID, SIP, and binary entitlements universal OS X exploit CVE-2016-1757. Usage against a SUID binary: ./machraceserver /bin/ps compatmode for ...
Mach Race OSX - Local Privilege Escalation
Source: https://github.com/gdbinit/machrace Mach Race OS X Local Privilege Escalation Exploit (c) fG! 2015, 2016 - https://reverse.put.as A SUID, SIP, and binary entitlements universal OS X exploit CVE-2016-1757. Usage against a SUID binar...
CVE-2016-1757 a simple analysis - vulnerability warning - the black bar safety net
The recent 10.11.4 patch fixes a race condition vulnerability that can be used to gain code execution privileges. After the kernel source code and the PoC were released, I did a simple analysis of the first of the issues. 0x01 Basics 1.1 The exec function flow: in the OSX kernel, to...
Immunity Canvas: CVE_2016_1757
Name: CVE20161757; CVE: CVE-2016-1757; Exploit Pack: CANVAS; Description: Shellelevate: CVE-2016-1757; Notes: Repeatability: Multiple Times; NOTES: VENDOR: Apple; CVE Url: https://vulners.com/cve/CVE-2016-1757; CVE Name: CVE-2016-1757...
CVE-2016-1757
CVE-2016-1757 is a race-condition in the XNU kernel that can enable arbitrary code execution in kernel context by abusing how task_t pointers are invalidated and reused during process execs. The public exploit chain relies on two cooperating processes exchanging a task port and triggering the use...
CVE-2016-1757
creation timestamp | type | source
2016-03-23 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39595
2025-08-31 03:01:12+00:00 | seen | MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d...
Race you to the kernel!
Posted by Ian Beer of Google Project Zero The OS X and iOS kernel code responsible for loading a setuid root binary invalidates the old task port after first swapping the new virtual memory map pointer into the old task object, leaving a short race window where you can manipulate the memory of an...