6 matches found
Apple iOS < 10.2 Multiple Vulnerabilities
Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHDIXController interface. The issue lies...
Apple Mac OSX iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=732 This is perhaps a more interesting UaF than just racing testNetBootMethod calls as there looks to be a...
Apple Mac OSX / iOS Kernel - UAF Racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=732 This is perhaps a more interesting UaF than just racing testNetBootMethod calls as there looks to be a path to getting freed memory disclosed back to userspace. Although the copyProperty macro used by...
Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow
Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspac...
Apple Mac OSX - IOHDIXControllerUserClient::convertClientBuffer Integer Overflow
Exploit for macOS platform in category dos / poc / Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspace pointer and a size which it...