3 matches found
Apple iOS 11.2.5 watchOS 4.2.2 tvOS 11.2.5 - bluetoothd Memory Corruption
// main.m // bluetoothdPoC // Created by Rani Idan. // Copyright © 2018 zLabs. All rights reserved. #import "AppDelegate.h" #include extern kern_return_t bootstrap_look_up(mach_port_t bs, const char *service_name, mach_port_t...
Apple macOS 10.12.1 iOS Kernel - host_self_trap Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1034 The task struct has a lock (itk_lock_data, taken via the itk_lock macros) which is supposed to protect the task->itk_* ports. The host_self_trap mach trap accesses...
Apple Mac OSX Kernel - no-more-senders Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=567 Kernel UaF due to audit session port failing to correctly account for spoofed no-more-senders notifications. Tested on ElCapitan 10.11 15a284 on MacBookAir 5,2. // ianbeer Kernel UaF due to audit session port...