2 matches found
macOS 10.12.1 / iOS Kernel - IOService::matchPassive Use-After-Free Exploit
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=973 IOService::matchPassive is called when trying to match a request dictionary against a candidate IOService. We can call this function on a controlled IOService with a...
Apple macOS 10.12.2 iOS 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free
Apple macOS 10.12.2 iOS 10.2 Kernel - ipcportt Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=926 mach ports are really struct ipcportt's in the kernel; this is a reference-counted object, ipreference...