"Just like the Windows platform, graphic drivers of macOS kernel are complicated and provide a large promising attack surface for EoPs and sandbox escapes from low-privileged processes. After auditing part of the binaries, I discovered a number of vulnerabilities last year. Including, NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as the CVE-2017-7155, CVE-2017-7163, CVE-2017-13883.
In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days."
3. Pluto Flyby: The Story of a Lifetime, NASA, 2016
New Horizons Team Reacts to Latest Image of Pluto, NASA, 2015
9 Years, 3 Billion Miles: The Journey of New Horizons
4. - Weapon X rootkit
- Rubilyn rootkit
- OS X/Crisis DAVINCI rootkit (Hacking Team)
https://github.com/hackedteam/driver-macos
- Inficere rootkit
https://github.com/enzolovesbacon/inficere
- Uninformed volume 4 - Abusing Mach on Mac OS X
- Phrack magazine #64 - Mac OS X wars - a XNU Hope
- Phrack magazine #66 - Developing Mac OS X Kernel Rootkits
- Phrack magazine #69 - Revisiting Mac OS X Kernel Rootkits
5. - Process/Dynamic library
- File/Configuration
- Kernel kext module
- Network traffic
- User mode/Kernel mode communication mechanism
6. - Doubly-linked list manipulation
- DKOM(Direct Kernel Object Manipulation)/Hot Patch
- Dispatch table hook/Inline hook
- Mach-O format parser/Kernel symbol
- Kernel exploitation
31. iOS Kernel Debugging
iOS Kernel Exploitation, Black Hat Europe 2011
A Smooth Sea Never Made A Skilled Sailor
32. A Smooth Sea Never Made A Skilled Sailor
https://github.com/kashifmin/KashKernel_4.2/blob/master/mediatek/platform/mt6589/kernel/drivers/mmc-host/mt_sd_misc.c#L990
Android/Linux
Kernel Debugging