3 matches found
macOS/IOS: mach_msg doesn't copy memory in a certain case(CVE-2017-2456)
When sending ool memory via |machmsg| with |deallocate| flag or |MACHMSGVIRTUALCOPY| flag, |machmsg| performs moving the memory to the destination process instead of copying it. But it doesn't consider the memory entry object that could resurrect the moved memory. As a result, it could lead to a...
CVE-2017-2456
CVE-2017-2456 is a kernel race condition in Appleās XNU mach_msg handling that can enable arbitrary code execution in kernel space via a non-atomic vm_map_copy move optimization. The connected Project Zero analysis details how two concurrent threads may trigger a flawed move path during vm_map_co...
CVE-2017-2456
creationtimestamp| type| source ---|---|--- 2017-03-30 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/41778...