PoC demo for CVE-2019-8852, a tfp0 bug.# CVE-2019-8852
A tfp0 bug for macOS 10.15.1 and below.
# Warranty
**Use it on your own risk. This will make you macOS panic.** I build it for security researchers only.
# Current state
Just a PoC, convert the vulnerability to a useful UAF.
Tested on **macOS 10.14.6 (18G103)**, MacBook Pro with 16 GB RAM.
# Credits
* Almost everything starts from oob_timestamp: Brandon Azad (@_bazad)
# License
GPL-3.0 License
# Misc
my twitter [@pattern_F_](https://twitter.com/pattern_F_)
English is hard for me...
英语太难了...
[4.0K] /data/pocs/444009079eec0557493e0ae9c9a269956586d5bd
├── [4.0K] exploit-1
│ ├── [7.6K] apple_double.c
│ ├── [3.8K] apple_double.h
│ ├── [9.0K] exploit.c
│ ├── [1.8K] ipc_port.h
│ └── [ 292] main.c
├── [ 34K] LICENSE
├── [ 77] Makefile
├── [4.0K] mylib
│ ├── [ 20K] IOSurface_lib.c
│ ├── [ 962] kapi.h
│ ├── [3.2K] kapi_memory.c
│ ├── [4.3K] k_offsets.c
│ ├── [2.5K] k_offsets.h
│ ├── [4.8K] k_utils.c
│ ├── [ 516] k_utils.h
│ ├── [1.8K] mycommon.h
│ ├── [1.8K] sys_darwin.c
│ ├── [ 53K] user_kernel_alloc.c
│ ├── [3.0K] user_kernel_alloc.h
│ ├── [6.7K] utils.c
│ └── [ 938] utils.h
├── [ 536] README.md
└── [ 509] run-exploit.py
2 directories, 22 files