Anon777 / google-security-research

Automatically exported from code.google.com/p/google-security-research

OS X Kernel UaF with IOAccelDisplayPipeUserClient2 with spoofed no more senders notifications #565

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Kernel UaF with IOAccelDisplayPipeUserClient2 with spoofed no more senders notifications

repro: while true; do ./iospoof_ig_4; done

Likely to crash in various ways; have observed NULL derefs and NX traps.

Tested on El Capitan 10.11 (15a284) on MacBookAir 5,2

Original issue reported on code.google.com by ianb...@google.com on 9 Oct 2015 at 7:12

GoogleCodeExporter commented 8 years ago

Original comment by ianb...@google.com on 9 Oct 2015 at 7:19

GoogleCodeExporter commented 8 years ago

Original comment by ianb...@google.com on 20 Dec 2015 at 9:21

GoogleCodeExporter commented 8 years ago
This bug was fixed as part of the fix for CVE-2015-7047, so dup'ing into that issue

Original comment by ianb...@google.com on 20 Dec 2015 at 9:27

GoogleCodeExporter commented 8 years ago

Original comment by ianb...@google.com on 27 Jan 2016 at 5:13