Rootpipe Reborn (Part II): CVE-2019-8565 Feedback Assistant Race Condition
Relying on pid to validate IPC peer is unsafe.
Rootpipe Reborn (Part II): CVE-2019-8565 Feedback Assistant Race Condition
Relying on pid to validate IPC peer is unsafe.
Rootpipe Reborn (Part I): TimeMachine Command Injection
Applying web security tricks to macOS LPE bugs.
Rootpipe Reborn (Part I): TimeMachine Command Injection
Applying web security tricks to macOS LPE bugs.
One-liner Safari Sandbox Escape Exploit
TOCTOU bug in CoreFoundation and state change of sandbox lockdown on macOS Safari, leading to easy sandbox escape.
One-liner Safari Sandbox Escape Exploit
TOCTOU bug in CoreFoundation and state change of sandbox lockdown on macOS Safari, leading to easy sandbox escape.
CVE-2018-4991: Adobe Creative Cloud Desktop Local Privilege Escalation via Signature Bypass
The private API design of XPC could make it hard for 3rd-party developers to write security code.
CVE-2018-4991: Adobe Creative Cloud Desktop Local Privilege Escalation via Signature Bypass
The private API design of XPC could make it hard for 3rd-party developers to write security code.
CVE-2018-8412: MS Office 2016 for Mac Privilege Escalation via a Legacy Package
Code signature bypass and insecure sideloading result in privilege escalation in Microsoft Office 2016 for Mac
CVE-2018-8412: MS Office 2016 for Mac Privilege Escalation via a Legacy Package
Code signature bypass and insecure sideloading result in privilege escalation in Microsoft Office 2016 for Mac
Something About #realworldctf doc2own
Get some real life 0day by playing CTF challenges.
Something About #realworldctf doc2own
Get some real life 0day by playing CTF challenges.