Lucene search
K

5 matches found

0day.today
0day.today
added 2019/02/01 12:0 a.m.66 views

macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to

/ xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the message body is large, then it's sent as a MACHMSGOOLDESCRIPTOR. Also if the message contains other port resources eg memory entry ports th...

9.3CVSS7.8AI score0.05495EPSS
Exploits2
0day.today
0day.today
added 2018/05/01 12:0 a.m.59 views

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rul

Exploit for macOS platform in category dos / poc Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel |...

9.3CVSS7.7AI score0.04436EPSS
Exploits4
exploitpack
exploitpack
added 2018/04/30 12:0 a.m.14 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Apple macOS 10.13.2 - Double machportdeallocate in kextd due to Failure to Comply with MIG Ownership Rules Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2016/12/22 12:0 a.m.29 views

Apple macOS 10.12.1 iOS 10.2 - syslogd Arbitrary Port Replacement

Apple macOS 10.12.1 iOS 10.2 - syslogd Arbitrary Port Replacement / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=977 syslogd running as root hosts the com.apple.system.logger mach service. It's part of the system.sb sandbox profile and so reachable from a lot of sandboxed...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/22 12:0 a.m.62 views

Apple macOS &lt; 10.12.2 / iOS &lt; 10.2 - Broken Kernel Mach Port Name uref Handling Privileged Port Name Replacement Privilege Escalation

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=959 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40957.zip When sending and receiving mach messages from userspace there are two important kernel objects; ipcentry and...

7.4AI score
Exploits0
Rows per page
Query Builder