CVE-2015-7047

This exploit demonstrates a kernel use-after-free (UaF) vulnerability in IOAccelDisplayPipeUserClient2 by spoofing 'no more senders' notifications. It triggers the vulnerability by sending crafted Mach messages to the IntelAccelerator service, potentially leading to kernel crashes or arbitrary code execution.

This exploit demonstrates a kernel use-after-free (UaF) vulnerability in macOS El Capitan 10.11 due to improper handling of spoofed no-more-senders notifications in the audit session port. The PoC sends a crafted Mach message to trigger the vulnerability.

This exploit demonstrates a use-after-free vulnerability in the mach voucher subsystem of OS X and iOS. It sends spoofed no-more-senders notifications to a voucher mach port, causing a race condition that leads to a kernel panic due to decrementing the reference count of a freed object.

This exploit demonstrates a kernel use-after-free (UaF) vulnerability in IOAccelMemoryInfoUserClient by spoofing 'no more senders' notifications. It triggers the vulnerability by sending crafted Mach messages to the IntelAccelerator service, leading to potential privilege escalation or denial of service.

This exploit triggers a race condition in OS X's IOBluetoothHCIController by sending spoofed no-more-senders notifications on two threads, leading to unsafe parallel OSArray manipulation and memory corruption.