CVE-2016-1757

Published: 24/03/2016 Updated: 03/12/2016
CVSS v2 Base Score: 9.3 | Impact Score: 10.0 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.0 | Impact Score: 5.9 | Exploitability Score: 1.0
VMScore: 942
CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
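The three CVSS v2 numbers above can be recomputed from the vector. What follows is an added C example written for this page (it is not Vulmon code or any scoring library): it parses a v2 base vector string and applies the CVSS v2.0 base equations, rounding Impact, Exploitability and Base to one decimal as the guide requires, and rejects malformed, duplicate or missing metrics. The struct and function names are illustrative.

```c
/*
 * CVSS v2.0 base-score calculator, added for this page as a worked example
 * (not Vulmon code or any scoring library). Parses a vector such as
 * "AV:N/AC:M/Au:N/C:C/I:C/A:C" and applies the v2.0 base equations so the
 * Impact, Exploitability and Base numbers quoted above can be checked.
 * Names (struct cvss2, cvss2_score) are illustrative.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

struct cvss2 {
    double impact;
    double exploitability;
    double base;
};

/* CVSS v2 rounds each sub-score to one decimal place; inputs are >= 0. */
static double round1(double x)
{
    return (double)(long)(x * 10.0 + 0.5) / 10.0;
}

/* Metric weights from the CVSS v2.0 guide; *ok is cleared on an unknown value. */
static double weight(int metric, char v, bool *ok)
{
    switch (metric) {
    case 0: /* AV: Local, Adjacent, Network */
        if (v == 'L') return 0.395;
        if (v == 'A') return 0.646;
        if (v == 'N') return 1.0;
        break;
    case 1: /* AC: High, Medium, Low */
        if (v == 'H') return 0.35;
        if (v == 'M') return 0.61;
        if (v == 'L') return 0.71;
        break;
    case 2: /* Au: Multiple, Single, None */
        if (v == 'M') return 0.45;
        if (v == 'S') return 0.56;
        if (v == 'N') return 0.704;
        break;
    default: /* C, I, A: None, Partial, Complete */
        if (v == 'N') return 0.0;
        if (v == 'P') return 0.275;
        if (v == 'C') return 0.660;
        break;
    }
    *ok = false;
    return 0.0;
}

/* Parse a v2 base vector; false on malformed, duplicate or missing metrics. */
static bool cvss2_score(const char *vector, struct cvss2 *out)
{
    static const char *names[6] = { "AV", "AC", "Au", "C", "I", "A" };
    double w[6] = { 0 };
    bool seen[6] = { false };
    char buf[64];

    if (strlen(vector) >= sizeof buf)
        return false;
    strcpy(buf, vector);

    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (!colon || strlen(colon) != 2)      /* expect "NAME:X" */
            return false;
        *colon = '\0';
        int idx = -1;
        for (int i = 0; i < 6; i++)
            if (strcmp(tok, names[i]) == 0)
                idx = i;
        if (idx < 0 || seen[idx])
            return false;
        bool ok = true;
        w[idx] = weight(idx, colon[1], &ok);
        if (!ok)
            return false;
        seen[idx] = true;
    }
    for (int i = 0; i < 6; i++)
        if (!seen[i])
            return false;

    /* Base equations from the CVSS v2.0 guide; unrounded sub-scores feed Base. */
    double impact = 10.41 * (1.0 - (1.0 - w[3]) * (1.0 - w[4]) * (1.0 - w[5]));
    double expl = 20.0 * w[0] * w[1] * w[2];
    double f = (impact == 0.0) ? 0.0 : 1.176;

    out->impact = round1(impact);
    out->exploitability = round1(expl);
    out->base = round1((0.6 * impact + 0.4 * expl - 1.5) * f);
    return true;
}

int main(void)
{
    struct cvss2 s;
    const char *v = "AV:N/AC:M/Au:N/C:C/I:C/A:C"; /* vector quoted on this page */
    if (cvss2_score(v, &s))
        printf("%s -> impact %.1f, exploitability %.1f, base %.1f\n",
               v, s.impact, s.exploitability, s.base);
    return 0;
}
```

For the vector on this page the result is impact 10.0, exploitability 8.6, base 9.3, matching the header; the impact term works out to 10.41 * (1 - 0.34^3), which is just over 10 before rounding.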

Vulnerability Summary

Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows an attacker to execute arbitrary code in a privileged context via a crafted app already running on the device. The race sits in the execve path for setuid binaries: the kernel swapped the new vm_map into the existing task object before invalidating the task port, so an unprivileged holder of that port briefly kept write access to an address space that now belonged to a euid(0) process. The same window was used against entitled binaries to bypass System Integrity Protection (see the exploit entries below).

Vulnerable Products

apple mac os x

apple iphone os

Exploits

Source: github.com/gdbinit/mach_race
Mach Race OS X Local Privilege Escalation Exploit. (c) fG! 2015, 2016, reverser@put.as - reverse.put.as. A SUID, SIP, and binary entitlements universal OS X exploit (CVE-2016-1757). Usage against a SUID binary: ./mach_race_server /bin/ps _compat_mode; for i in `seq 0 1000000`; do ./mach_race_cli ...

Source: bugs.chromium.org/p/project-zero/issues/detail?id=676
tl;dr: The code responsible for loading a suid binary following a call to the execve syscall invalidates the task port after first swapping the new vm_map into the old task object, leaving a short race window where we can manipulate the memory of the euid(0) process before the old ...
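The ordering bug described in the two entries above, modelled as an added C example written for this page (it is not XNU source and not the mach_race exploit). A task object holds a pointer to its address space and a flag standing in for whether its task port is still valid. exec_suid_vulnerable swaps the privileged map in first and revokes the port second, which is the window the Project Zero report describes; exec_suid_fixed revokes first. The real window is a true concurrent race between the exec'ing thread and a second process holding the port; here the attacker runs from a hook placed exactly between the two kernel steps so the outcome is deterministic. All names (struct task, task_port_write, race_hook) are illustrative, and the "fixed" ordering is one safe ordering chosen for the model, not a description of Apple's actual patch.

```c
/*
 * Model of the CVE-2016-1757 ordering bug, written for this page as an
 * illustration. It is NOT XNU code and NOT the gdbinit/mach_race exploit.
 *
 * A "task" owns an address space ("map") and a "task port", a capability
 * that lets its holder write into the map. When a process execs a setuid
 * binary the kernel replaces the map with a fresh, privileged one and must
 * stop old, unprivileged holders of the task port from using it. The bug:
 * the map was swapped in first and the port invalidated second, so a holder
 * of the old port could write into the privileged map in between. The
 * "fixed" ordering below revokes the port first; it is a modelling choice,
 * not Apple's actual patch. The attacker hook replaces a real concurrent
 * race so the result is deterministic.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE 64

struct vm_map {
    bool privileged;          /* euid(0) image is loaded into this map */
    uint8_t mem[MAP_SIZE];
};

struct task {
    struct vm_map *map;       /* address space currently owned by the task */
    bool port_valid;          /* stands in for "task port not yet invalidated" */
};

/* What an unprivileged holder of the task port can do: write bytes into
 * whatever map the task currently owns, as long as the port is valid. */
static bool task_port_write(struct task *t, size_t off, const void *src, size_t n)
{
    if (!t->port_valid || off > MAP_SIZE || n > MAP_SIZE - off)
        return false;
    memcpy(t->map->mem + off, src, n);
    return true;
}

/* Attacker code run at the racy point, between the two kernel steps. */
typedef void (*race_hook)(struct task *t);

/* Vulnerable ordering: swap the map, then invalidate the port. */
static void exec_suid_vulnerable(struct task *t, struct vm_map *newmap, race_hook hook)
{
    t->map = newmap;          /* step 1: privileged image is now live */
    if (hook) hook(t);        /* window: old port still valid */
    t->port_valid = false;    /* step 2: too late */
}

/* Fixed ordering: revoke the capability before changing what it guards. */
static void exec_suid_fixed(struct task *t, struct vm_map *newmap, race_hook hook)
{
    t->port_valid = false;    /* step 1: nobody can use the old port any more */
    if (hook) hook(t);        /* attacker's write is rejected */
    t->map = newmap;          /* step 2: privileged image goes live */
}

static const char PAYLOAD[] = "AAAA";   /* constructed attacker bytes */

static void attacker(struct task *t)
{
    task_port_write(t, 0, PAYLOAD, sizeof PAYLOAD);
}

/* Returns true if the attacker's bytes ended up inside the privileged map. */
static bool run_scenario(bool fixed)
{
    struct vm_map oldmap = { .privileged = false };
    struct vm_map newmap = { .privileged = true };
    struct task t = { .map = &oldmap, .port_valid = true };

    if (fixed)
        exec_suid_fixed(&t, &newmap, attacker);
    else
        exec_suid_vulnerable(&t, &newmap, attacker);

    return newmap.privileged && memcmp(newmap.mem, PAYLOAD, sizeof PAYLOAD) == 0;
}

int main(void)
{
    printf("vulnerable ordering: privileged map corrupted = %d\n", run_scenario(false));
    printf("fixed ordering:      privileged map corrupted = %d\n", run_scenario(true));
    return 0;
}
```

Running it prints 1 for the vulnerable ordering and 0 for the fixed one. The lesson generalises beyond Mach ports: when an object changes security identity, revoke every outstanding handle to it before the change becomes visible, not after. The model has no real concurrency, so it does not show the memory-ordering side of the problem, where the revocation must also be visible to other cores before the swap.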

Github Repositories

Mac & iOS security learning resources collection

Mac&IOS HackStudy: a collection of Mac and iOS security learning material. Mac and iOS security learning sites: samdmarshall.com, www.exploit-db.com, reverse.put.as, highaltitudehacks.com/security/, www.dllhook.com/, www.securitylearn.net/archives/, securitycompass.github.io/iPhoneLabs/index.html, security.ios-wiki.com, www

macos-kernel-exploits: CVE-2015-3760 - local privilege escalation via the DYLD_PRINT_TO_FILE feature; CVE-2017-13872 - root account empty-password privilege escalation; IOHIDeous - a macOS-only vulnerability in IOHIDFamily; iOS/macOS kernel double free due to IOSurfaceRootUserClient not respecting MIG ownership rules; Apple macOS/iOS 10.12.2 (16C67) mach_msg Heap Overflow; System Integrity Protection (SIP) bypass ...

macos-kernel-exploits: a collection of macOS privilege escalation vulnerabilities. https://www.sec-wiki.com

macos-kernel-exploits: This repository tracks the publicly disclosed macOS privilege escalation vulnerabilities; contributions are welcome. Verified vulnerabilities: CVE-2015-3760 - local privilege escalation via the DYLD_PRINT_TO_FILE feature; CVE-2017-13872 - root account empty-password privilege escalation. Other vulnerabilities (not yet tested or verified): IOHIDeous - a macOS-only vulnerability in IOHIDFamily; iOS/macOS kernel double free due to ...

SafetyLearning

iOSSafetyLearning: iOS security learning resources collection (1). iOS security learning sites: www.exploit-db.com, reverse.put.as, highaltitudehacks.com/security/, www.dllhook.com/, www.securitylearn.net/archives/, securitycompass.github.io/iPhoneLabs/index.html, security.ios-wiki.com, www.opensecuritytraining.info/IntroARM.html

Exploit code for CVE-2016-1757

Mach Race OS X Local Privilege Escalation Exploit. (c) fG! 2015, 2016, reverser@put.as - reverse.put.as. A SUID, SIP, and binary entitlements universal OS X exploit (CVE-2016-1757).
Usage against a SUID binary:
./mach_race_server /bin/ps _compat_mode
for i in `seq 0 1000000`; do ./mach_race_client /bin/ps; done
Against an entitled binary to bypass SIP:
./mach_race_server ...


Recent Articles

How Google's Project Zero made Apple refactor its kernel
The Register • Richard Chirgwin • 27 Oct 2016

MacOS, iOS task threading was open to hijack

When Apple shipped its security bug-fixes earlier this week, one patch mostly passed under the radar. Ian Beer of Google Project Zero, who found a deep-down vulnerability in the XNU kernel, first reported it to Apple in February this year, and it took until now to clean it up properly. It took eight months, apparently, because of a basic architectural feature of the kernel: calling target functions directly instead of via the MIG IPC (Mach interface generator inter process communication) layer i...