kernel r/w exploit for iOS 15.0 - 15.1.1

multicast_bytecopy

This code is published for security researchers. Do not use this code for any purpose unless you know what you are doing.

multicast_bytecopy is a kernel r/w exploit for iOS 15.0 - 15.1.1 by @jaakerblom and the spiritual successor of multipath_kfree.

The exploit can be adapted to gain kernel r/w on prior iOS versions. This implementation is for iOS 15.0 - 15.1.1.

The bug exploited is CVE-2021-30937, patched in iOS 15.2. The code uses iokit.h by @s1guza and a couple of IOSurface definitions by @bazad.