Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
posix_spawn is a complex syscall which takes a lot of arguments from userspace. The third argument is a pointer to a further arguments descriptor in userspace with the following structu...
MacOS Kernel < 10.12.2 / iOS < 10.2 - ipc_port_t Reference Count Leak Due to Incorrect externa
Exploit for multiple platforms in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=930 IOUserClient subclasses which override IOUserClient::externalMethod need to ensure that if they return kIOReturnSuccess they actually take ownership of the mach_port_t...