voucher_swap: Exploiting MIG reference counting in iOS 12
Posted by Brandon Azad, Project Zero In this post I'll describe how I discovered and exploited CVE-2019-6225, a MIG reference counting vulnerability in XNU's taskswapmachvoucher function. We'll see how to exploit this bug on iOS 12.1.2 to build a fake kernel task port, giving us the ability to re...