Lucene search
K

8 matches found

Packet Storm
Packet Storm
added 2026/01/26 12:0 a.m.140 views

📄 macOS Sierra 10.12 Build 16A323 Double-Free / Privilege Escalation

macOS Sierra version 10.12 Build 16.A323 local privilege escalation proof of concept exploit. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with...

5.9AI score
Exploits0
0day.today
0day.today
added 2018/05/01 12:0 a.m.59 views

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rul

Exploit for macOS platform in category dos / poc Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel |...

9.3CVSS7.7AI score0.04436EPSS
Exploits4
0day.today
0day.today
added 2018/05/01 12:0 a.m.57 views

macOS / iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Exploit for multiple platform in category dos / poc / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would normally never send a message yourself to...

7.8AI score0.04979EPSS
Exploits4
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.34 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel | kOSKextLogIPCFlag, "Non-root kextutil doesn't need ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.71 views

Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

/ ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would normally never send a message yourself to ReportCrash but the kernel would do it on your behalf whe...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.117 views

iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules(CVE-2017-13861)

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

9.3CVSS1.4AI score0.14888EPSS
Exploits11
Exploit DB
Exploit DB
added 2017/12/11 12:0 a.m.119 views

Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

9.3CVSS7.1AI score0.04229EPSS
Exploits7
exploitpack
exploitpack
added 2017/12/11 12:0 a.m.53 views

Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules

Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...

9.3CVSS0.1AI score0.04229EPSS
Exploits7
Rows per page
Query Builder