One (Thread) Can Keep a (PRNG) Secret, but Not Two
We present a novel, practical attack on the IPv6 Fragment ID generation algorithm of XNU, which is the kernel used by Apple products such as macOS and iOS. This attack exploits a race-condition vulnerability in the algorithm's pseudorandom number generator (PRNG) to cryptanalytically break, learn t...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2026-20698 — XNU Kernel Heap Overflow via PFROUTE RTAGEN...
macOS 10.13.4 (17E199) fgetattrlist Heap Overflow
Proof of concept Metasploit module that exploits a macOS version 10.13.4 heap overflow vulnerability. A kernel heap overflow exists in fgetattrlist due to missing lower-bound buffer size validation when writing returned attributes to caller-supplied memory...
macOS 10.12.2 XNU Kernel Race Condition
This proof of concept code demonstrates a race condition observed in the setdpcontrolport function within XNU kernel versions prior to macOS 10.12.2 and iOS 10.2...
macOS 10.12.2 XNU Kernel Privilege Escalation
This proof of concept targets a race‑condition vulnerability in the XNU kernel affecting macOS/iOS. By forcing a use‑after‑free condition on kernel ports, the exploit manipulates freed memory through a controlled spray, allowing a user‑controlled replacement object. Successful exploitation yields...
Modern iOS Security Features -- a Deep Dive into SPTM, TXM, and Exclaves
The XNU kernel is the basis of Apple's operating systems. Although labeled as a hybrid kernel, it is found to generally operate in a monolithic manner by defining a single privileged trust zone in which all system functionality resides. This has security implications, as a kernel compromise has...
EUVD-2015-5825
Malware in sbrugna...
EUVD-2007-4668
Malware in sbrugna...
EUVD-2009-1236
Malware in sbrugna...
EUVD-2013-3887
Malware in sbrugna...
XNU VM_BEHAVIOR_ZERO_WIRED_PAGES Page Write
There is an issue where XNU VM_BEHAVIOR_ZERO_WIRED_PAGES behavior allows writing to read-only pages...
PT-2025-3034 · Apple · Xnu Kernel +3
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2; iOS versions prior to 18.2; iPadOS versions prior to 18.2. Description: A type confusion issue was addressed with improved memory handling. An attacker with user privileges may be able to read kernel memory due to...
Exploit for Out-of-bounds Write in Apple Ipados
CVE-2024-27815 XNU kernel buffer overflow. Introduced in xnu...
PT-2024-13027
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 17; Apple iPadOS versions prior to 17; Apple macOS versions prior to 14. Description: This issue involves a use-after-free condition addressed through improved memory management. A malicious application may potentially...
Exploit for Race Condition in Apple Safari
MacDirtyCow Example of CVE-2022-46689 aka MacDirtyCow. Wh...
macOS Dirty Cow Arbitrary File Write Local Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' => %q{ An app may be able to execute arbitrary code with kernel...
CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
Posted by Ian Beer, Google Project Zero This blog post is my analysis of a vulnerability exploited in the wild and patched in early 2021. Like the writeup published last week looking at an ASN.1 parser bug, this blog post is based on the notes I took as I was analyzing the patch and trying to...
XNU inm_merge Heap Use-After-Free
XNU: heap-use-after-free in inm_merge VULNERABILITY DETAILS bsd/netinet/in_mcast.c: int inp_join_group(struct inpcb *inp, struct sockopt *sopt) ... if (is_new) { if (imo->imo_num_memberships == imo->imo_max_memberships) { error = imo_grow(imo, 0); // 1 if (error) goto out_imo_locked; } /* Allocate the new slot upfront so we can...
Hackers Exploit macOS Zero-Day to Hack Hong Kong Users with new Implant
Google researchers on Thursday disclosed that it found a watering hole attack in late August exploiting a now-patched zero-day in macOS operating system and targeting Hong Kong websites related to a media outlet and a prominent pro-democracy labor and political group to deliver a never-before-see...
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU kernel which may allow a malicious application to execute code with kernel privileges...