EIP-2026-103366

PRE-CVE

macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103366. PoCs published by Google Security Research.

AI-analyzed exploit summary: This exploit demonstrates a copy-on-write (CoW) vulnerability in the macOS XNU kernel, where modifications to a mounted FAT filesystem image bypass virtual memory protections, allowing an attacker to alter memory mappings in another process. The PoC includes multiple components to trigger memory pressure and observe the inconsistency.

Description

macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Google Security Research · text · dos · macos
https://www.exploit-db.com/exploits/46478


Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: macOS XNU kernel (unspecified version)
No auth needed
Prerequisites: Access to a macOS system with sufficient privileges to mount a FAT filesystem image · Ability to compile and execute C code
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026