About the “tpwn” Local Privilege Escalation | BOT24

This post had to come out two weeks ago, but due to school exams I haven’t had the time to write this down.

So, tpwn gains root on any OS X box running a system < 10.10.5 by gaining knowledge of the kernel address space layout randomisation slide followed by kernel code execution kickstarting a stack pivot which allows me to control the stack pointer of a kernel thread belonging to a controlled task.

More here: http://blog.qwertyoruiop.com/?p=69

About Bradley Susser
