Mac OS X Networkd XPC Type Confusion Sandbox Escape

Posted by deepcore on November 17, 2015 – 1:07 pm

networkd is the system daemon which implements the com.apple.networkd XPC service. It’s unsandboxed but runs as its own user. com.apple.networkd is reachable from many sandboxes including the Safari WebProcess and ntpd (plus all those which allow system-network). networkd parses quite complicated XPC messages and there are many cases where xpc_dictionary_get_value and xpc_array_get_value are used without subsequent checking of the type of the returned value.

Tags: Apple, ios, osx
This post is under “Apple” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [papers] – [Portuguese] Ataques Avançados contra CPL (Control Panel Applets) zTree 3.5.19.1 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Mac OS X Networkd XPC Type Confusion Sandbox Escape

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL