badmalloc (CVE-2023-32428) - a macOS LPE

Posted on 2024-11-24 in blog • Tagged with macOS, ASB, LPE, 0day

I recently realised that I still owe you guys some writeups, so since OBTSv7 is around the corner here's the one for badmalloc. I found this back in March 2023, and it got fixed in October.

About the bug

There's a bug in MallocStackLogging, Apple's "magical" framework that allows developers …


Continue reading

batsignal (no CVE) - a macOS LPE

Posted on 2023-10-30 in blog • Tagged with macOS, ASB, LPE, 0day

UPDATE:

A couple hours after publication the Apple Security Changelogs were updated across the board, and they added me to CVE-2022-26704. I knew this was in the works, but it's still good to see. Thank you :)

This post is a writeup of batsignal, a macOS local privilege escalation bug from …


Continue reading