CVE-2016-7612

HIGH

iPhone OS < 10.2, macOS < 10.12.2, watchOS < 3.1.3 - Kernel Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-7612. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a reference count overflow in the XNU kernel's mach port handling, specifically in the `io_service_add_notification_ool_64` MIG method, to achieve a use-after-free (UaF) condition. By repeatedly sending malformed requests, the reference count of an `ipc_port_t` object overflows, leading to a kernel UaF and potential privilege escalation.

Description

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/40955

View Code ZIP pw:eip

This exploit leverages a reference count overflow in the XNU kernel's mach port handling, specifically in the `io_service_add_notification_ool_64` MIG method, to achieve a use-after-free (UaF) condition. By repeatedly sending malformed requests, the reference count of an `ipc_port_t` object overflows, leading to a kernel UaF and potential privilege escalation.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Theoretical

Target: Apple XNU kernel (macOS/iOS)

No auth needed

Prerequisites: Access to a vulnerable macOS/iOS system · Ability to send mach messages to the kernel

MITRE ATT&CK