voucher_swap: Exploiting MIG reference counting in iOS 12

In this post I'll describe how I discovered and exploited CVE-2019-6225, a MIG reference counting vulnerability in XNU's task_swap_mach_voucher() function. We'll see how to exploit this bug on iOS 12.1.

from Pocket http://bit.ly/2TqtojH
via IFTTT