
Demo exploit code for CVE-2020-27904, a tfp0 bug.

Primary language: C. License: GNU General Public License v3.0 (GPL-3.0).

xattr-oob-swap

CVE-2020-27904: a tfp0 bug for macOS 10.15.x and below.

Demo exploit code for my talk at BlackHat ASIA 2021.

The vulnerability has been fixed in macOS Big Sur 11.0 and in the latest 10.15 and 10.14 security updates.

Warranty

Use it at your own risk. This will make your macOS panic. I built it for security researchers only.

Current state

Gets tfp0. Tested on macOS 10.15.2 (19C57), MacBook Pro with 16 GB RAM.

Fix the kheap yourself. I left it empty on purpose.

Credits

  • Almost everything starts from oob_timestamp: Brandon Azad (@_bazad)

License

GPL-3.0 License

Misc

My Twitter: @pattern_F_

English is hard for me...
