A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854
☆86Oct 15, 2020Updated 5 years ago
Alternatives and similar repositories for unauthd
Users that are interested in unauthd are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆35Dec 20, 2020Updated 5 years ago
- Binary Format of iOS 13 Sandbox Profile Collection☆52Oct 30, 2019Updated 6 years ago
- Experiment to attempt to build Apple's dyld tools.☆64May 29, 2020Updated 5 years ago
- kernel exploit for Apple iOS 13.X☆184Nov 27, 2020Updated 5 years ago
- A collection of Apple-related CTF writeups☆15Jan 17, 2022Updated 4 years ago
- One-Click to Completely Take Over A macOS Device☆18Aug 25, 2022Updated 3 years ago
- macOS Kernel Exploit for CVE-2019-8781.☆294Oct 15, 2019Updated 6 years ago
- iOS 12.0-13.3 tfp0☆153Nov 16, 2020Updated 5 years ago
- Objective C classdump for IDA Pro☆147Sep 1, 2020Updated 5 years ago
- p-joker -- iOS/MacOS kernelcache/kexts analysis tool☆112May 18, 2020Updated 5 years ago
- Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities☆413Mar 19, 2021Updated 5 years ago
- Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM☆180May 19, 2025Updated 10 months ago
- PCIDriverKit proof-of-concept for CVE-2022-26763☆37Jul 2, 2022Updated 3 years ago
- MacOS kernel memory leak (4 bytes)☆30Apr 14, 2020Updated 5 years ago
- PoC☆212Jan 13, 2025Updated last year
- CVE-2020-27950 exploit☆34Dec 1, 2020Updated 5 years ago
- IDA AArch64 processor extender extension: Adding support for ARMv8.5 memory tagging extension opcodes☆27Jul 6, 2020Updated 5 years ago
- Slides from my conference presentations.☆80Aug 5, 2020Updated 5 years ago
- symbol dumps of iOS shared caches☆34Oct 15, 2022Updated 3 years ago
- A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.☆165Sep 18, 2021Updated 4 years ago
- SnatchBox (CVE-2020-27935) is a sandbox escape vulnerability and exploit affecting macOS up to version 10.15.x☆32Dec 18, 2020Updated 5 years ago
- iOS system call/Mach trap interception for checkra1n'able devices☆159Aug 10, 2021Updated 4 years ago
- use https://github.com/argp/iBoot64helper which is the orginal repo and far more advanced☆33Sep 2, 2019Updated 6 years ago
- Binary tools library write in C☆10Nov 21, 2019Updated 6 years ago
- iOS <13.5 sandbox escape/entitlement 0day☆339Jan 5, 2026Updated 2 months ago
- IDA plugin to find code cross references to virtual functions using PAC codes☆147Mar 16, 2022Updated 4 years ago
- ☆17May 19, 2022Updated 3 years ago
- An IDAPython module for enhancing c++ support on top of ida_kernelcache☆141May 15, 2025Updated 10 months ago
- Browser based rce for iOS <= 14.3☆10May 26, 2025Updated 9 months ago
- PoC for the iOS 11.4.1 and MacOS 10.13 kernel vulnerability in lio_listio☆78Oct 31, 2018Updated 7 years ago
- ☆126Aug 3, 2024Updated last year
- Another Virtualization.framework demo project, with focus to iBoot (WIP)☆178Dec 2, 2023Updated 2 years ago
- Extreme Vulnerable IOKit driver☆93Jan 23, 2021Updated 5 years ago
- Source code and exploits for some 35c3ctf challenges.☆143Dec 30, 2018Updated 7 years ago
- ☆133Dec 25, 2021Updated 4 years ago
- CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesign…☆259Nov 13, 2018Updated 7 years ago
- A tool for debugging macOS virtual machines☆113Jul 28, 2020Updated 5 years ago
- Bidirectional XPC message interception and more. Powered by Frida☆430Nov 9, 2022Updated 3 years ago
- an iOS kernel function hooking framework for checkra1n'able devices☆588Oct 6, 2021Updated 4 years ago