5 matches found
Apple macOS Sierra 10.12.3 - IOFireWireFamily-null-deref FireWire Port Denial of Service Exploit
Exploit for macOS platform in category dos / poc. IOFireWireFamily-null-deref.c, Brandon Azad. NULL pointer dereference in IOFireWireUserClient::setAsyncRefIsochChannelForceStop. Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44236.zip / include...
macOS 10.13 (17A365) - Kernel Memory Disclosure due to Lack of Bounds Checking in AppleIntelCapriCon
Exploit for macOS platform in category dos / poc. AppleIntelCapriController::getDisplayPipeCapability reads an attacker-controlled dword value from a userclient structure input buffer, which it uses to index a small array of pointers to memory to copy back to userspace. There is no bounds checkin...
Apple Mac OSX Kernel - GeForce GPU Driver Stack Buffer Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=724 nvAPIClient::Escape is the sole external method of nvAccelerator userclient type 0x2a0. It implements its own method and parameter demuxing using the struct-in...
OS X 10.10 Bluetooth DispatchHCICreateConnection
No description provided by source. include include include include include include #define SIZE 0x1000 struct BluetoothCall { uint64_t args[7]; uint64_t sizes[7]; uint64_t index; }; int main(void) { /* Finding vuln service */ io_service_t service = IOServiceGetMatchingService(kIOMasterPortDefault,...
Mac OS X Mavericks IOBluetoothHCIUserClient Privilege Escalation
No description provided by source. /* pwn.c, by @rpaleari and @joystick. This PoC exploits a missing sign check in IOBluetoothHCIUserClient::SimpleDispatchWL. Tested on Mac OS X Mavericks 10.9.4/10.9.5. Compile with: gcc -Wall -o pwn{,.c} -framework IOKit */ #include <stdio.h> #include <string.h> #include...