4 matches found
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
/ voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics, leading to use-after-free. The dangers of not obeying MIG semantics have been well documented: see issues 926 (CVE-2016-7612), 954 (CVE-2016-7633), 1417 (CVE-2017-13861, asyncwake), 1520 (CVE-2018-4139),...
Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules
I have previously detailed the lifetime management paradigms in MIG in the writeups for CVE-2016-7612 (https://bugs.chromium.org/p/project-zero/issues/detail?id=926) and CVE-2016-7633 (https://bugs.chromium.org/p/project-zero/issues/detail?id=954). If a MIG method returns KERN_SUCCESS it means that th...
CVE-2016-7612
CVE-2016-7612 affects the Kernel component in the macOS Sierra 10.12.1 era. The Apple security content entries describe the issue as a Kernel memory corruption vulnerability that could allow an attacker to execute arbitrary code with kernel privileges via a crafted app; remediation is provided in macOS 10.12.2 Security...
CVE-2016-7612
creationtimestamp| type| source
---|---|---
2016-12-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40955...