Apple macOS < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40957.zip When sending and receiving mach messages from userspace there are two important kernel objects; ipcentry and...