
Files from ianbeer

Email address: ianbeer at google.com
First Active: 2014-12-02
Last Active: 2021-07-14
OS X AppleGraphicsDeviceControl NULL Pointer Dereference
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

There is an OS X exploitable kernel NULL pointer dereference in AppleGraphicsDeviceControl.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1793
MD5 | bee896e16eff203e20c582d8ff55f47d
OS X / iOS Kernel IOHDIXControllerUserClient Use-After-Free
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

This is a proof of concept of an OS X / iOS kernel use-after-free racing getProperty on IOHDIXController and testNetBootMethod on IOHDIXControllerUserClient.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1807
MD5 | 35e279ae7cff0f34e10da631796d952d
OS X IOAudioEngine NULL Pointer Dereference
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

There is an OS X exploitable kernel NULL pointer dereference in IOAudioEngine.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1821
MD5 | 3b547f466b677f9b8e3c44e554956028
OS X Kernel Raw Cast Out-Of-Bounds Read
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

Proof of concept demonstrating an OS X kernel out-of-bounds read of an object pointer due to insufficient checks in raw cast to enum type.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1823
MD5 | 55bf7b567c533522a38006e0cb5d141e
OS X GeForce.kext NULL Pointer Dereference
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

There is an OS X exploitable kernel NULL pointer dereference in nvCommandQueue::GetHandleIndex in GeForce.kext.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1846
MD5 | a3a30462b49c71303f91d487a89a903e
OS X Kernel GeForce GPU Driver Stack Buffer Overflow
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

There's an OS X kernel stack buffer overflow in the GeForce GPU driver.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1861
MD5 | 5c64b994fa14c4e33020ba94605900f3
OS X AppleMuxControl.kext NULL Pointer Dereference
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

There is an OS X exploitable kernel NULL pointer dereference in AppleMuxControl.kext.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1794
MD5 | 80d3bd172af83bec8656282b2a2ac45e
OS X Kernel Use-After-Free From IOAcceleratorFamily2 Bad Locking
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

The OS X kernel suffers from a use-after-free vulnerability due to bad locking in IOAcceleratorFamily2.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1819
MD5 | 08738b67d158362ec1b1b52f8a6a7aad
OS X IOAccelSharedUserClient2::page_off_resource NULL Pointer Dereference
Posted Jun 9, 2016
Authored by Google Security Research, ianbeer

There is an OS X exploitable kernel NULL dereference in IOAccelSharedUserClient2::page_off_resource.

tags | exploit, kernel
systems | apple
advisories | CVE-2016-1813
MD5 | f12afe474448c13073407ed01c8ee070
Linux perf_event_open() / execve() Race Condition
Posted May 3, 2016
Authored by Google Security Research, ianbeer

A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs.

tags | exploit, local
systems | linux
MD5 | 8a00dfb29a5769d243754a1a99030296
OS X Kernel AppleUSBPipe::Abort Missing Bounds Checking
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

The Mac OS X kernel suffers from a code execution vulnerability due to a lack of bounds checking in AppleUSBPipe::Abort.

tags | exploit, kernel, code execution
systems | linux, apple, osx
advisories | CVE-2016-1749
MD5 | bed149432923b940c127c1235d8bcd34
OS X Kernel AppleKeyStore Use-After-Free
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

The AppleKeyStore userclient uses an IOCommandGate to serialize access to its userclient methods; however, by racing two threads, one of which closes the userclient (which frees the IOCommandGate) and one of which tries to make an external method call, we can cause a use-after-free of the IOCommandGate.

tags | exploit
systems | linux
advisories | CVE-2016-1755
MD5 | 28d80c38ca1c4a122d94f26bd1b48d9e
OS X Kernel Nvidia Driver Unchecked Array Index
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

The Mac OS X kernel has an issue where an unchecked array index can be used to read an object pointer and then call a virtual method in the Nvidia GeForce driver.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2016-1741
MD5 | a47e6c7658312f6b320a70c4c60eab37
OS X Kernel Use-After-Free / Double Delete
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

The Mac OS X kernel suffers from use-after-free and double delete issues due to incorrect locking in the Intel GPU driver.

tags | exploit, kernel
systems | linux, apple, osx
advisories | CVE-2016-1744
MD5 | 0fa2674827e519c2c3e1d71a56b5d833
OS X / iOS Suid Binary Logic Error Code Execution
Posted Mar 22, 2016
Authored by Google Security Research, ianbeer

The code responsible for loading a suid binary following a call to the execve syscall invalidates the task port after first swapping the new vm_map into the old task object, leaving a short race window where we can manipulate the memory of the euid(0) process before the old task port is destroyed.

tags | exploit
systems | linux
advisories | CVE-2016-1757
MD5 | 58c8a1c7d992ae37e0572d86f40f5412
Adobe Flash op_pushwith Incorrect Jit Optimization
Posted Mar 16, 2016
Authored by Google Security Research, ianbeer

The avmplus bytecode verifier misses a control-flow path via op_pushwith throwing an exception, allowing crafted bytecode to be incorrectly optimized, which can trivially be abused to get code execution.

tags | exploit, code execution
systems | linux
advisories | CVE-2014-0586
MD5 | 2c70ef02f129e446597e6ba7cb2c7bc0
Chrome GPU Process Sandbox Escape
Posted Mar 11, 2016
Authored by Google Security Research, ianbeer

The Chrome GPU process suffers from a sandbox escape vulnerability due to the use of an invalid iterator in its IPC handler.

tags | advisory
systems | linux
advisories | CVE-2016-1642
MD5 | b19f27dd942724a40b8a331bec005ec1
OS X Sysmond XPC Type Confusion Privilege Escalation
Posted Feb 10, 2016
Authored by Google Security Research, ianbeer

OS X suffers from a privilege escalation vulnerability due to XPC type confusion in sysmond.

tags | exploit
systems | linux, apple, osx
advisories | CVE-2014-8835
MD5 | 3ac26a15ec16701e2fb2e821afc62436
iOS Kernel IOHIDEventService Use-After-Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

The iOS kernel suffers from a use-after-free vulnerability in IOHIDEventService.

tags | exploit, kernel
systems | cisco, linux, ios
advisories | CVE-2016-1719
MD5 | 17fd1039e481d24448d676071d0469a3
IOSCSIPeripheralDeviceType00 Kernel Null Dereference
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

Opening userclient type 12 of IOSCSIPeripheralDeviceType00 leads to an exploitable kernel NULL dereference.

tags | exploit, kernel
systems | linux
advisories | CVE-2015-7068
MD5 | 6ccc02e76c6f74c7a0a94ab6c4685056
iOS Kernel AppleOscarCompass Use-After-Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

The iOS kernel suffers from a use-after-free vulnerability in AppleOscarCompass.

tags | exploit, kernel
systems | cisco, linux, ios
advisories | CVE-2016-1719
MD5 | dd4489055ce445b6df7ffea87cee6e52
iOS / OS X Kernel Uninitialized Variable Code Execution
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

The _ool variations of the IOKit device.defs functions all incorrectly deal with error conditions. If you run the mig tool on device.defs you can see the source of the kernel-side MIG handling code.

tags | exploit, kernel
systems | linux
advisories | CVE-2016-1721
MD5 | 170d947b064b72c03f13952426b22864
iOS Kernel AppleOscarAccelerometer Use-After-Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

The iOS kernel suffers from a use-after-free vulnerability in AppleOscarAccelerometer.

tags | exploit, kernel
systems | cisco, linux, ios
advisories | CVE-2016-1719
MD5 | dd48bed8e0e9e332145dc0ac5e571f13
iOS / OS X Kernel IOHDIXControllUserClient:clientClose UAF / Double Free
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

iOS / OS X kernels suffer from a use-after-free / double free vulnerability due to lack of locking in IOHDIXControllUserClient:clientClose.

tags | exploit, kernel
systems | cisco, linux, apple, osx, ios
advisories | CVE-2015-7110
MD5 | 4ca3511924adc3aa52a467b0ddf5ed87
IOBluetoothHCIUserClient Lack Of Bounds Checking
Posted Jan 27, 2016
Authored by Google Security Research, ianbeer

IOBluetoothHCIUserClient uses an IOCommandGate to dispatch external methods; it passes a pointer to the structInput of the external method as arg0 and ::SimpleDispatchWL as the Action. It neither passes nor checks the size of that structInput, and SimpleDispatchWL goes on to read the field at +0x70 of the structInput.

tags | exploit
systems | linux
advisories | CVE-2015-7108
MD5 | e6f2ca666856de127e63494985d8e064

packet storm

© 2020 Packet Storm. All rights reserved.
