Lucene search
+L

71 matches found

exploitpack
exploitpack
added 2018/04/30 12:0 a.m.14 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Apple macOS 10.13.2 - Double machportdeallocate in kextd due to Failure to Comply with MIG Ownership Rules Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if...

7.2AI score
Exploits0
exploitpack
exploitpack
added 2018/04/30 12:0 a.m.13 views

Apple macOSiOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

Apple macOSiOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would...

7.3AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.71 views

Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

/ ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would normally never send a message yourself to ReportCrash but the kernel would do it on your behalf whe...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/04/30 12:0 a.m.35 views

Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel | kOSKextLogIPCFlag, "Non-root kextutil doesn't need ...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.118 views

iOS/MacOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules(CVE-2017-13861)

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

9.3CVSS1.4AI score0.14888EPSS
Exploits11
exploitpack
exploitpack
added 2017/12/11 12:0 a.m.55 views

Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules

Apple macOSiOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633...

9.3CVSS0.1AI score0.04229EPSS
Exploits7
Exploit DB
Exploit DB
added 2017/12/11 12:0 a.m.120 views

Apple macOS/iOS - Kernel Double Free due to IOSurfaceRootUserClient not Respecting MIG Ownership Rules

I have previously detailed the lifetime management paradigms in MIG in the writeups for: CVE-2016-7612 https://bugs.chromium.org/p/project-zero/issues/detail?id=926 and CVE-2016-7633 https://bugs.chromium.org/p/project-zero/issues/detail?id=954 If a MIG method returns KERNSUCCESS it means that th...

9.3CVSS7.1AI score0.04229EPSS
Exploits7
OpenVAS
OpenVAS
added 2017/02/28 12:0 a.m.43 views

Apple Mac OS X Multiple Vulnerabilities-04 (Feb 2017)

Apple Mac OS X is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.5AI score0.03731EPSS
Exploits5References1
Prion
Prion
added 2017/02/20 8:59 a.m.32 views

Code injection

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or...

7.2CVSS7.3AI score0.03731EPSS
Exploits5References8Affected Software4
0day.today
0day.today
added 2017/01/26 12:0 a.m.77 views

macOS 10.12.1 / iOS Kernel - IOService::matchPassive Use-After-Free Exploit

Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=973 IOService::matchPassive is called when trying to match a request dictionary against a candidate IOService. We can call this function on a controlled IOService with a...

9.3CVSS7.9AI score0.0425EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2017/01/05 12:0 a.m.63 views

Apple iOS < 10.2 Multiple Vulnerabilities

Binary data 9847.prm...

9.8CVSS7.8AI score0.0676EPSS
Exploits19References45
0day.today
0day.today
added 2016/12/23 12:0 a.m.88 views

MacOS Kernel 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40954.zip Userspace MIG services often use machmsgserver or...

7.2CVSS7.1AI score0.01275EPSS
Exploits6
exploitpack
exploitpack
added 2016/12/22 12:0 a.m.20 views

Apple macOS 10.12.2 iOS 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free

Apple macOS 10.12.2 iOS 10.2 Kernel - ipcportt Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=926 mach ports are really struct ipcportt's in the kernel; this is a reference-counted object, ipreference...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2016/12/22 12:0 a.m.41 views

Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free

Apple macOS 10.12 - Double vmdeallocate in Userspace MIG Code Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40954.zip Userspace MIG services often use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/22 12:0 a.m.57 views

Apple macOS &lt; 10.12.2 / iOS &lt; 10.2 Kernel - ipc_port_t Reference Count Leak Due to Incorrect externalMethod Overrides Use-After-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=926 mach ports are really struct ipcportt's in the kernel; this is a reference-counted object, ipreference and iprelease atomically increment and decrement the 32 bit ioreferences field. Unlike OSObjects, ipreference will allow the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2016/12/22 12:0 a.m.68 views

Apple macOS 10.12 - Double vm_deallocate in Userspace MIG Code Use-After-Free

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=954 Proofs of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40954.zip Userspace MIG services often use machmsgserver or machmsgserveronce to implent an RPC server. These two functions a...

7.4AI score
Exploits0
0day.today
0day.today
added 2016/12/17 12:0 a.m.155 views

iOS 10.1.1 / macOS 10.12 16A323 XNU Kernel - set_dp_control_port Lack of Locking Use-After-Free Vuln

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv...

9.3CVSS7.3AI score0.0676EPSS
Exploits7
exploitpack
exploitpack
added 2016/12/16 12:0 a.m.65 views

Apple macOS 10.12 16A323 XNU Kernel iOS 10.1.1 - set_dp_control_port Lack of Locking Use-After-Free

Apple macOS 10.12 16A323 XNU Kernel iOS 10.1.1 - setdpcontrolport Lack of Locking Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostpri...

9.3CVSS0.1AI score0.0676EPSS
Exploits7
Exploit DB
Exploit DB
added 2016/12/16 12:0 a.m.190 views

Apple macOS 10.12 16A323 XNU Kernel / iOS 10.1.1 - &#039;set_dp_control_port&#039; Lack of Locking Use-After-Free

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=965 setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv == HOSTPRIVNULL return KERNINVALIDHOST; if...

7.1AI score
Exploits0
0day.today
0day.today
added 2016/11/01 12:0 a.m.73 views

Apple OS X Kernel - IOBluetoothFamily.kext Use-After-Free Exploit

Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=830 When you create a new IOKit user client from userspace you call: kernreturnt IOServiceOpen ioservicet service, taskportt owningTask, uint32t type, ioconnectt connect ; The...

7.2CVSS8.7AI score0.01045EPSS
Exploits2
Rows per page
Query Builder