This is a script manipulating a bug in OSX to escalate any user level process to Root privilege.
This is not my exploit, I'm going to be documenting how this exploit works for the benefit of myself and others.
Timeline
- Oct 2nd 2014: First discovery
- Oct 3rd 2014: First contact with Apple Product Security Team
- Oct 14th 2014: Exploit code shared with Apple
- Oct 24th 2014: Initial full disclosure date set to Jan 12th 2015
- Oct 16th 2014: Release of OS X 10.10 Yosemite, vulnerable to rootpipe
- Nov 14th 2014: Apple requested to postpone disclosure
- Nov 17th 2014: Release of OS X 10.10.1, also vulnerable
- Jan 12th 2015: Joint decision between Apple and TrueSec to postpone disclosure due to the amount of changes required in OS X
- Jan 16th 2015: CVE-2015-1130 created by Apple
- Jan 27th 2015: Release of OS X 10.10.2, also vulnerable
- March 2nd 2015: Release of OS X 10.10.3 public beta, issue solved
- April 1st 2015: Apple confirmed that release is coming the second week of April
- April 8th 2015: Release of OS X 10.10.3
- April 9th 2015: Full disclosure