Lucene search
K

26 matches found

Packet Storm
Packet Storm
added 2026/01/26 12:0 a.m.137 views

📄 macOS Sierra 10.12 Build 16A323 Double-Free / Privilege Escalation

macOS Sierra version 10.12 Build 16.A323 local privilege escalation proof of concept exploit. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with...

5.9AI score
Exploits0
Packet Storm
Packet Storm
added 2026/01/26 12:0 a.m.155 views

📄 macOS 10.13.6 Reference Leak

This is a proof of concept for an older flaw that targets macOS 10.13.6. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with malformed matching data, MI...

9.3CVSS5.9AI score0.14888EPSS
Exploits7
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-0997

Malware in sbrugna...

4.4CVSS6.4AI score0.00336EPSS
Exploits1References10
exploitpack
exploitpack
added 2019/01/31 12:0 a.m.76 views

macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack

macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in xpcserializerunpack / xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the...

7AI score
Exploits0
0day.today
0day.today
added 2018/10/22 12:0 a.m.26 views

Apple iOS / macOS - Sandbox Escape due to Trusted Length Field in Shared Memory Exploit

Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboard...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/10/22 12:0 a.m.59 views

Apple iOSmacOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem

Apple iOSmacOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is ...

Exploits0
exploitpack
exploitpack
added 2018/04/30 12:0 a.m.11 views

Apple macOSiOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Apple macOSiOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.117 views

iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules(CVE-2017-13861)

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

9.3CVSS1.4AI score0.14888EPSS
Exploits11
BDU FSTEC
BDU FSTEC
added 2017/03/09 12:0 a.m.3 views

Vulnerabilities of operating systems Mac OS X and iOS, allowing attackers to increase their privileges

The vulnerability of the Power Management component in Mac OS X and iOS systems is related to deficiencies in access control. Exploiting this vulnerability can allow an intruder, operating locally, to enhance their privileges by manipulating the links in the Mach port...

7.2CVSS7.4AI score0.01108EPSS
Exploits4References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2017/03/09 12:0 a.m.8 views

Vulnerabilities of operating systems Mac OS X and iOS, allowing attackers to increase their privileges

The vulnerability of the syslog component in operating systems like Mac OS X and iOS is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating locally, to enhance their privileges by manipulating the links in the Mach port...

7.2CVSS7.4AI score0.01069EPSS
Exploits1References5Affected Software2
OSV
OSV
added 2017/02/20 8:59 a.m.5 views

CVE-2016-7660

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references...

7.8CVSS5.5AI score0.01069EPSS
Exploits1References6
NVD
NVD
added 2017/02/20 8:59 a.m.13 views

CVE-2016-7660

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references...

7.8CVSS6.2AI score0.01069EPSS
Exploits1References6
NVD
NVD
added 2017/02/20 8:59 a.m.19 views

CVE-2016-7661

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references...

7.8CVSS6.2AI score0.01108EPSS
Exploits4References6
Prion
Prion
added 2017/02/20 8:59 a.m.20 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references...

7.2CVSS5.8AI score0.01108EPSS
Exploits4References6Affected Software2
Prion
Prion
added 2017/02/20 8:59 a.m.14 views

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references...

7.2CVSS5.8AI score0.01069EPSS
Exploits1References6Affected Software3
Cvelist
Cvelist
added 2017/02/20 8:35 a.m.18 views

CVE-2016-7660

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references...

6.5AI score0.01069EPSS
Exploits1References6
0day.today
0day.today
added 2016/12/23 12:0 a.m.84 views

MacOS Kernel < 10.12.2 / iOS < 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Po

Exploit for multiple platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40957.zip When sending and receiving mach messages from userspa...

7.2CVSS0.3AI score0.01108EPSS
Exploits4
0day.today
0day.today
added 2016/12/23 12:0 a.m.67 views

MacOS Kernel < 10.12.2 / iOS < 10.2 - _kernelrpc_mach_port_insert_right_trap Reference Count L

Exploit for multiple platform in category local exploits / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40956.zip The previous ref count overflow bugs were all kinda...

7.2CVSS8.1AI score0.01256EPSS
Exploits1
exploitpack
exploitpack
added 2016/12/22 12:0 a.m.35 views

Apple macOS 10.12.2 iOS 10.2 - _kernelrpc_mach_port_insert_right_trap Kernel Reference Count Leak Use-After-Free

Apple macOS 10.12.2 iOS 10.2 - kernelrpcmachportinsertrighttrap Kernel Reference Count Leak Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=941 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40956.zip The...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2016/12/22 12:0 a.m.37 views

Apple macOS 10.12.2 iOS 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

Apple macOS 10.12.2 iOS 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept:...

0.5AI score
Exploits0
Rows per page
Query Builder