Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Apple macOS Kernel OOB Write Privilege Escalation Vulnerability - 331

Ziad Badawi - Posted 5 Years Ago
  • Some MacBooks have an Intel graphics module with kernel extensions for managing it. This is where the vulnerability lies.
  • In order to communicate with the API, Mach messages are used. Each type of message has a command number, a buffer and an arithmetic operation that produces an address of a structure.
  • This operation occurs without a boundary check, resulting in an OOB write vulnerability in kernel-land.
  • This can be used to get code execution in the kernel. I do not fully understand how to use this vulnerability to achieve code execution in the kernel. It appears to have something to do with being able to corrupt a value that is sent to processKernelCommand, though.