MacOS X #TimeMachine - (tmdiagnose) Command Injection Privilege Escalation Exploit #RCE

Exploit for macOS platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X TimeMachine tmdiagnose Command Injection Privilege Escalation', 'Description' = %q...

macOS 10.14.3 Supplemental Update

The remote host is running a version of macOS 10.14.3 that is missing the macOS 10.14.3 Supplemental Update. This update fixes the following vulnerabilities : - An unspecified flaw exists related to handling Group FaceTime calls that allows an attacker to cause a call recipient to unintentionally...

macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack

macOS 10.14.3 iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in xpcserializerunpack / xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the...

macOS 10.14.3 iOS 12.1.3 XNU - vm_map_copy Optimization which Requires Atomicity isnt Atomic

macOS 10.14.3 iOS 12.1.3 XNU - vmmapcopy Optimization which Requires Atomicity isnt Atomic / vmmapcopyininternal in vmmap.c converts a region of a vmmap into "copied in" form, constructing a vmmapcopy structure representing the copied memory which can then be mapped into another vmmap or the same...

macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics

macOS 10.14.3 iOS 12.1.3 - Kernel Heap Overflow in PFKEY due to Lack of Bounds Checking when Retrieving Statistics / Inspired by Ned Williamsons's fuzzer I took a look at the netkey code. keygetsastat handles SADBGETSASTAT messages: It allocates a buffer based on the number of SAs there currently...