macOS Kernel Memory Corruption Exploit
A group used Anthropic's Mythos AI model to help find a kernel memory corruption vulnerability and exploit on Apple's M5. News article...
macOS 10.13.4 Heap Overflow
Proof of concept exploit for an old macOS version 10.13.4 heap overflow vulnerability. A kernel heap overflow exists in fgetattrlist due to missing lower-bound buffer size validation when writing returned attributes to caller-supplied memory. When triggered it causes a kernel panic...
macOS 10.12.2 XNU Kernel Race Condition
This proof of concept code demonstrates a race condition observed in the setdpcontrolport function within XNU kernel versions prior to macOS 10.12.2 and iOS 10.2...
macOS 18.3.2 Kernel Privilege Escalation
macOS version 18.3.2 proof of concept exploit for an old kernel related privilege escalation vulnerability. A critical memory management vulnerability exists within the macOS XNU kernel's handling of the VM_BEHAVIOR_ZERO_WIRED_PAGES behavior flag. The issue arises from improper sequence validation wh...
EUVD-2020-30632
Malware in sbrugna...
EUVD-2016-8475
Malware in sbrugna...
EUVD-2016-8457
Malware in sbrugna...
IOHIDeous
IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here. Notice The prefetch timing attack I'm using for hid for some reason doesn't work on High Sierra 10.13.2 anymore, and I don't feel like investigating that. Maybe patched, maybe just the consequence of a random change, I...
Exploit for Out-of-bounds Write in Apple iPadOS
CVE-2025-24118 Exploit Python Overview This repository...
CVE-2024-54529
CVE-2024-54529 is a type-confusion vulnerability in macOS CoreAudio, exposed via the com.apple.audio.audiohald Mach service in coreaudiod. Project Zero details show an attack chain where a HALS_Object is fetched from the heap and dereferenced through an unchecked type assumption, enabling control...
Buffer error vulnerability in multiple Apple products
Apple tvOS and others are products of Apple Inc. tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system for the Apple Watch. A buffer error vulnerability exists in several Apple products, which stems from a boundary error in the...
Exploit for Improper Initialization in Apple iPadOS
This is a PoC exploit for CVE-2020-27950, a vulnerability in the macOS kernel that allows for a port pointer leak. The exploit targets the macOS kernel and leverages a vulnerability in the kalloc.1024 buffer to allocate a controlled buffer with a magic value. The exploit then creates an ipc_kmsg...
Google Discloses Unpatched 'High-Severity' Flaw in Apple macOS Kernel
A cybersecurity researcher at Google's Project Zero division has publicly disclosed details and a proof-of-concept exploit of a high-severity security vulnerability in the macOS operating system after Apple failed to release a patch within 90 days of being notified. Discovered by Project Zero researcher...
Apple macOS memory corruption vulnerability (CNVD-2018-22950)
macOS is Apple's proprietary operating system for the Mac line of products. A memory corruption vulnerability exists in the Kernel component in Apple macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and macOS Mojave 10.14. An attacker can exploit the vulnerability via an application to execute...
Kemon - An Open-Source Pre And Post Callback-Based Framework For macOS Kernel Monitoring
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring. What is Kemon? An open-source Pre and Post callback-based framework for macOS kernel monitoring. With the power of Kemon, we can easily implement LPC communication monitoring, MAC policy filtering, kernel driver...
An Open-Source Pre and Post Callback-Based Framework for macOS Kernel Monitoring: Kemon
If third-party vendors want to add new features to the macOS kernel, such as antivirus capabilities, ransomware blocking, data breach auditing, behavior monitoring and so on, they usually need the support of the system’s exported interfaces. At present, only two known official interfaces are...
Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls task_deallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro forks a child which gives the nvAccelerator a...
CVE-2018-4136
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app...
macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNo
Exploit for macOS platform in category dos / poc / AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort method: text:0000000000002DE4 ;...
macOS Kernel - Use-After-Free Due to Lack of Locking in AppleEmbeddedOSSupportHostClient::registerNotificationPort
AppleEmbeddedOSSupportHost.kext is presumably involved in the communication with the OS running on the touch bar on new MBP models. Here's the userclient's registerNotificationPort...