CVE-2009-1235
Mac OS X < 10.5.6 - Privilege Escalation via HFS IOCTL Handler
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-1235. PoCs published by mu-b.
AI-analyzed exploit summary
This exploit targets a local privilege escalation vulnerability in Apple Mac OS X XNU kernels (versions 792.0 to 1228.x) by manipulating HFS file system attributes and leveraging a kernel memory corruption flaw. It uses shellcode to overwrite kernel structures and achieve root privileges.
Description
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
Exploits (1)
This exploit targets a local privilege escalation vulnerability in Apple Mac OS X XNU kernels (versions 792.0 to 1228.x) by manipulating HFS file system attributes and leveraging a kernel memory corruption flaw. It uses shellcode to overwrite kernel structures and achieve root privileges.