EUVD-2016-2850

Malware in sbrugna...

EUVD-2015-3797

Malware in sbrugna...

EUVD-2009-1237

Malware in sbrugna...

Apple OS XiOS Kernel - IOSurface Use-After-Free

Apple OS XiOS Kernel - IOSurface Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=831 IOSurfaceRootUserClient stores a task struct pointer passed in via IOServiceOpen in the field at +0xf0 without taking a reference. By killing the corrisponding task we can free th...

Apple Mac OSX Kernel - NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value

Apple Mac OSX Kernel - NULL Dereference in CoreCaptureResponder Due to Unchecked Return Value / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=777 Pretty much all the external methods of CoreCaptureUserClient call CoreCaptureUserClient::stashGet passing an attacker controlled...

Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2

Apple Mac OSX Kernel - Use-After-Free Due to Bad Locking in IOAcceleratorFamily2 / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=772 In IOAccelContext2::clientMemoryForType the lockbusy/unlockbusy should be extended to cover all the code setting up shared memory type 2. At the...

Apple Mac OSX Kernel - AppleKeyStore Use-After-Free

Apple Mac OSX Kernel - AppleKeyStore Use-After-Free / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=710 The AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods, however by racing two threads, one of which closes the userclient which fre...

The Mac OS X operating system, and found 2 pieces of Privilege elevation 0day vulnerabilities-vulnerability warning-the black bar safety net

Apple Mac OS X operating system, and found 2 pieces new, 0day vulnerabilities, if an attacker successfully exploited, may be in the victim's equipment on elevated privileges to get root access. Vulnerability details These two vulnerabilities is by Italian security researcher Luca Todesco found, a...