CVE-2019-6225

Vulnerability Summary

OS X update for Kernel (CVE-2019-6225)

Apple macOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the Kernel component. By using a specially-crafted application, an attacker could exploit this vulnerability to gain elevated privileges on the system.

Exploits

/* * voucher_swap-poc.c * Brandon Azad */ #if 0 iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 (CVE-2016-7612), 954 (CVE-2016-7633), 1417 (CVE-2017-13861, async_wake), 1520 (CVE-2018-4139), 1529 (CVE-2018-4206), and 1 ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-22-2 macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra are now available and addresses the following: AppleKeyStore Available for: macOS Mojave 10.14 ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-22-4 tvOS 12.1.2 tvOS 12.1.2 is now available and addresses the following: AppleKeyStore Available for: Apple TV 4K and Apple TV (4th generation) Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption issue was addressed with impr ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-1-22-1 iOS 12.1.3 iOS 12.1.3 is now available and addresses the following: AppleKeyStore Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A memory corruption is ...

Github Repositories

OsirisJailbreak12 iOS 12.0 -> 12.1.2 Incomplete Jailbreak with CVE-2019-6225

M0d3rn Jailbreak iOS 12.0 -> 12.1.2 Jailbreak with CVE-2019-6225 based off of GeoSn0w's Osiris Jailbreak. An incomplete iOS 12 Jailbreak. For now it only runs the exploit, gets tfp0, gets root, escapes the sandbox, writes a test file to prove the sandbox was escaped then resprings. 4K devices are not supported for now. A12 and other 16K devices are DEVELOPER JAILBRE

Chaos kernel bug for iOS 12.0 through 12.1.2 PoC & Writeup (CVE-2019-6225). Read everything please. This only works with 64-bit devices running 12.0 - 12.1.2. Writeup by @haxoorr (me). I made a clean writeup because the original PoC was posted as an image. Fixed in iOS 12.1.3 (16D39). If you're interested in bootstrapping iOS kernel security research (including

voucher_swap - Exploit for P0 issue 1731 on iOS 12.1.2. Brandon Azad. Issue 1731: CVE-2019-6225. iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free. Consider the MIG routine task_swap_mach_voucher(): routine task_swap_mach_voucher( task : task_t; new_voucher : ipc_vo

OsirisJailbreak12 iOS 12.0 -> 12.1.2 Incomplete Jailbreak with CVE-2019-6225. An incomplete iOS 12 Jailbreak. For now it only runs the exploit, gets tfp0, gets ROOT, escapes the SandBox, writes a test file to prove the sandbox was escaped then resprings. Feel free to build on top of it as long as you respect the GPLv3 license. Older (4K) devices are not supported for now
