potmdehex / multipath_kfree

low effort jb
139 stars 40 forks

Debugger === exploit unreliable #4

Closed MTJailed closed 6 years ago

MTJailed commented 6 years ago

When the Xcode debugger is attached (a parent process ID), the exploit is less reliable. Please run the exploit with the debugger detached for the best results.

MTJailed commented 6 years ago

As an addition to this, it seems that when the PoC couldn't find the corrupted port, the third attempt (without panics) causes a panic.

Does this have anything to do with specific zone allocation / free behaviour? Maybe someone can explain, as I want to learn from this ;)