18 matches found
EUVD-2014-4300
Malware in sbrugna...
(Pwn2Own) Apple OS X IntelAccelerator Out-Of-Bounds Indexing Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Apple Mac OSX - io_service_close Use-After-Free
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=597 It turns out that the spoofed no-more-senders notification bug when applied to iokit objects was actually just a more complicated way to hit ::clientClose in parallel...
Apple Mac OSX - IntelAccelerator::gstqConfigure Exploitable Kernel NULL Dereference
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=595 The field at IntelAccelerator+0xe60 is a pointer to a GSTContextKernel allocated in the ::gstqCreateInfoMethod. In the ::start method this field is initialized to NUL...
Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference
/ Source: https://code.google.com/p/google-security-research/issues/detail?id=595 The field at IntelAccelerator+0xe60 is a pointer to a GSTContextKernel allocated in the ::gstqCreateInfoMethod. In the ::start method this field is initialized to NULL. The IGAccelDevice external method gstconfigure...
Apple Mac OSX - Kernel IOAccelMemoryInfoUserClient Use-After-Free
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=566 Kernel UaF with IOAccelMemoryInfoUserClient with spoofed no more senders notifications repro: while true; do ./iospoofig7; done Tested on ElCapitan 10.11 15a284 on...
Apple Mac OSX - IntelAccelerator::gstqConfigure Kernel NULL Dereference
Apple Mac OSX - IntelAccelerator::gstqConfigure Kernel NULL Dereference / Source: https://code.google.com/p/google-security-research/issues/detail?id=595 The field at IntelAccelerator+0xe60 is a pointer to a GSTContextKernel allocated in the ::gstqCreateInfoMethod. In the ::start method this fiel...
OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
No description provided by source. include include include include include int main kernreturnt err; CFMutableDictionaryRef matching = IOServiceMatching"IntelAccelerator"; if!matching printf"unable to create service matching dictionary\n"; return 0; ioiteratort iterator; err =...
OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
No description provided by source...
OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference
include include include include include int main kernreturnt err; CFMutableDictionaryRef matching = IOServiceMatching"IntelAccelerator"; if!matching printf"unable to create service matching dictionary\n"; return 0; ioiteratort iterator; err = IOServiceGetMatchingServiceskIOMasterPortDefault,...
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference include include include include include int main kernreturnt err; CFMutableDictionaryRef matching = IOServiceMatching"IntelAccelerator"; if!matching printf"unable to create service matching dictionary\n"; return 0; ioiteratort...
OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference
Exploit for iOS platform in category local exploits // clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024; strcpycmd, "nm -g...
OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference Exploit
Exploit for macOS platform in category dos / poc include include include include include int main kernreturnt err; CFMutableDictionaryRef matching = IOServiceMatching"IntelAccelerator"; if!matching printf"unable to create service matching dictionary\n"; return 0; ioiteratort iterator; err =...
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference // clang -o ig23exploit ig23exploit.c -framework IOKit -framework CoreFoundation -m32 -DFORTIFYSOURCE=0 // ianbeer include include include include include include include include uint64t kernelsymbolchar sym char cmd1024;...
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference
include include include include include int main kernreturnt err; CFMutableDictionaryRef matching = IOServiceMatching"IntelAccelerator"; if!matching printf"unable to create service matching dictionary\n"; return 0; ioiteratort iterator; err = IOServiceGetMatchingServiceskIOMasterPortDefault,...
Null pointer dereference
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service NULL pointer dereference and device restart via a crafted application...
CVE-2014-4373
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service NULL pointer dereference and device restart via a crafted application...
CVE-2014-4373
CVE-2014-4373: In Apple’s IOAcceleratorFamily, the IntelAccelerator driver on iOS (before v8) and Apple TV (before v7) contains a NULL pointer dereference that can be triggered by a crafted app, leading to a denial of service (and device restart). Apple’s remediation is to improve error handling ...