MacOS/iOS kernel memory corruption due to off-by-one in SIOCGIFORDER socket ioctl (CVE-2017-2474)

SIOCSIFORDER and SIOCGIFORDER allow userspace programs to build and maintain the ifnetorderedhead linked list of interfaces. SIOCSIFORDER clears the existing list and allows userspace to specify an array of interface indexes used to build a new list. SIOCGIFORDER allow userspace to query the list...

macOS / iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds C

Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1108 SIOCSIFORDER is a new ioctl added in iOS 10. It can be called on a regular tcp socket, so from pretty much any sandbox. it falls through to calling:...

Apple macOS/iOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1108 SIOCSIFORDER is a new ioctl added in iOS 10. It can be called on a regular tcp socket, so from pretty much any sandbox. it falls through to calling: ifnetresetorderorderedindices, ifo-ifocount where orderedindicies points to...

macOS / iOS Kernel 10.12.3 (16D32) - SIOCGIFORDER Socket ioctl Off-by-One Memory Corruption

Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1111 SIOCSIFORDER and SIOCGIFORDER allow userspace programs to build and maintain the ifnetorderedhead linked list of interfaces. SIOCSIFORDER clears the existing list and allow...

Apple macOSiOS Kernel 10.12.3 (16D32) - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking

Apple macOSiOS Kernel 10.12.3 16D32 - SIOCSIFORDER Socket ioctl Memory Corruption Due to Bad Bounds Checking / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1108 SIOCSIFORDER is a new ioctl added in iOS 10. It can be called on a regular tcp socket, so from pretty much any...