Apple Mac OSX networkd - 'effective_audit_token' XPC Type Confusion Sandbox Escape

// Requires Lorgnette: https://github.com/rodionovd/liblorgnette // clang -o networkdexploit networkdexploit.c liblorgnette/lorgnette.c -framework CoreFoundation // ianbeer include include include include include include include include include include include include include...

OS X 10.9.x - sysmond XPC Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits / Source: https://code.google.com/p/google-security-research/issues/detail?id=121 / / tested on OS X 10.9.5 - uses some hard-coded offsets which will have to be fixed-up for other versions! this poc uses liblorgnette to resolve some private...

Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation

Apple Mac OSX 10.9.x - sysmond XPC Privilege Escalation / Source: https://code.google.com/p/google-security-research/issues/detail?id=121 / / tested on OS X 10.9.5 - uses some hard-coded offsets which will have to be fixed-up for other versions! this poc uses liblorgnette to resolve some private...