Linux Kernel 3.x (Ubuntu 14.04 Mint 17.3 Fedora 22) - Double-free usb-midi SMEP Privilege Escalation

Linux Kernel 3.x Ubuntu 14.04 Mint 17.3 Fedora 22 - Double-free usb-midi SMEP Privilege Escalation Source: https://xairy.github.io/blog/2016/cve-2016-2384 Source: https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-2384 Source: https://www.youtube.com/watch?v=lfl1NJn1nvo Exploit-DB Note...

openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)

The openSUSE 13.1 kernel was updated to receive various security and bugfixes. Following security bugs were fixed : - CVE-2016-0728: A reference leak in keyring handling with joinsessionkeyring could lead to local attackers gain root privileges. bsc962075. - CVE-2015-7550: A local user could have...

Fisher-Price, hereO Toys Expose Kids' Personal Data

As more devices are connected to the Internet, not only are vulnerabilities introduced into those networked things, but also some glaring holes are exposed in organizations’ ability to receive and triage bug reports. Researchers at Rapid7 today disclosed details on a pair of vulnerabilities in to...

Check Point response to NTP "panic threshold" Bypass Vulnerability (CVE-2015-5300)

...

Null pointer dereference

The Stream Control Transmission Protocol SCTP module in FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9, when the kernel is configured for IPv6, allows remote attackers to cause a denial of service assertion failure or NULL pointer dereference and kernel panic via a crafted ICMPv6...

iOS Kernel - IOHIDEventService Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=604 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

Apple Mac OSX iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Apple Mac OSX iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS...

iOS Kernel - AppleOscarGyro Use-After-Free

Exploit for iOS platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=608 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarCMA Use-After-Free

Exploit for iOS platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=605 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow

Apple Mac OSX - IOHDIXControllerUserClient::convertClient Buffer Integer Overflow / Source: https://code.google.com/p/google-security-research/issues/detail?id=511 Method 5 of the IOHDIXController user client is createDrive64. This takes a 0x100 byte structure input from which it reads a userspac...

Apple Mac OSX / iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS X. The same techniques should transfer...

iOS Kernel - IOReportHub Use-After-Free

iOS Kernel - IOReportHub Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=603 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarCompass Use-After-Free

iOS Kernel - AppleOscarCompass Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=606 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarGyro Use-After-Free

iOS Kernel - AppleOscarGyro Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=608 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

Apple Mac OSX / iOS - Unsandboxable Kernel Code Exection Due to iokit Double Release in IOKit

Source: https://code.google.com/p/google-security-research/issues/detail?id=620 I wanted to demonstrate that these iOS/OS X kernel race condition really are exploitable so here's a PoC which gets RIP on OS X. The same techniques should transfer smoothly to iOS : The bug is here: void...

Apple Mac OSX - 'IntelAccelerator::gstqConfigure' Kernel NULL Dereference

/ Source: https://code.google.com/p/google-security-research/issues/detail?id=595 The field at IntelAccelerator+0xe60 is a pointer to a GSTContextKernel allocated in the ::gstqCreateInfoMethod. In the ::start method this field is initialized to NULL. The IGAccelDevice external method gstconfigure...

iOS Kernel - AppleOscarCMA Use-After-Free

Source: https://code.google.com/p/google-security-research/issues/detail?id=605 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarAccelerometer Use-After-Free

Exploit for iOS platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=607 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarCompass Use-After-Free

Exploit for iOS platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=606 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...

iOS Kernel - AppleOscarAccelerometer Use-After-Free

iOS Kernel - AppleOscarAccelerometer Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=607 Panic log attached OS X advisory: https://support.apple.com/en-us/HT205731 iOS advisory: https://support.apple.com/en-us/HT205732 Proof of Concept:...