9 matches found
macOS 10.12.1 / iOS Kernel - IOService::matchPassive Use-After-Free Exploit
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=973 IOService::matchPassive is called when trying to match a request dictionary against a candidate IOService. We can call this function on a controlled IOService with a...
OS X 10.10 Bluetooth BluetoothHCIChangeLocalName - Crash
No description provided by source. include include include include include include struct BluetoothCall uint64t args7; uint64t sizes7; uint64t index; ; int mainvoid / Finding vuln service / ioservicet service = IOServiceGetMatchingServicekIOMasterPortDefault,...
OS X 10.10 Bluetooth TransferACLPacketToHW - Crash
No description provided by source. include include include include include include struct BluetoothCall uint64t args7; uint64t sizes7; uint64t index; ; int mainvoid / Finding vuln service / ioservicet service = IOServiceGetMatchingServicekIOMasterPortDefault,...
Local privilege escalation vulnerability discovered in Yosemite - vulnerability warning - the black bar safety net
Overview: following our previous research, we performed further tests on the IOBluetoothHCIController service in the latest version of Mac OS X, Yosemite 10.10.1, and found 5 additional security vulnerabilities. We have submitted the related issues to Apple Security, and, on...
Apple OS X Yosemite exposed to multiple local privilege escalation vulnerabilities - vulnerability warning - the black bar safety net
Foreign security researchers have recently disclosed multiple local privilege escalation vulnerabilities in the latest version of Mac OS X, 10.10.1. Because the issues submitted to Apple went too long without a clear answer, the researcher directly...
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
/ crash-issue3.c: Written for Mac OS X Yosemite 10.10 by @rpaleari and @joystick. Exploits a missing check in IOBluetoothHCIController::TransferACLPacketToHW to trigger a panic. gcc -Wall -o crash-issue3,.c -framework IOKit / include include include include include include struct BluetoothCall...
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
/ crash-issue2.c: Written for Mac OS X Yosemite 10.10 by @rpaleari and @joystick. Triggers a panic overwriting a stackcanary. gcc -Wall -o crash-issue2,.c -framework IOKit / include include include include include include struct BluetoothCall uint64t args7; uint64t sizes7; uint64t index; ; int...
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash PoC / crash-issue3.c: Written for Mac OS X Yosemite 10.10 by @rpaleari and @joystick. Exploits a missing check in IOBluetoothHCIController::TransferACLPacketToHW to trigger a panic. gcc -Wall -o crash-issue3,.c -framework IOKit / include...
OS X 10.10 Bluetooth TransferACLPacketToHW - Crash PoC
Exploit for macOS platform in category dos / poc / crash-issue3.c: Written for Mac OS X Yosemite 10.10 by @rpaleari and @joystick. Exploits a missing check in IOBluetoothHCIController::TransferACLPacketToHW to trigger a panic. gcc -Wall -o crash-issue3,.c -framework IOKit / include include includ...