saagarjha/macOSSandboxInitializationBypass external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

saagarjha/macOSSandboxInitializationBypass

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/saagarjha/macOSSandboxInitializationBypass)

Close

saagarjha / macOSSandboxInitializationBypassView on GitHubMore

• External links
• Readme badge

App sandbox escapes for macOS

☆31May 20, 2020Updated 5 years ago

Alternatives and similar repositories for macOSSandboxInitializationBypass

Users that are interested in macOSSandboxInitializationBypass are comparing it to the libraries listed below

• bazad / launchd-portrep

  View on GitHub
  CVE-2018-4280: Mach port replacement vulnerability in launchd on macOS 10.13.5 leading to local privilege escalation and SIP bypass.
  ☆59Oct 28, 2018Updated 7 years ago
• Siguza / hsp4

  View on GitHub
  macOS kext for host_special_port(4) patch
  ☆90Nov 13, 2023Updated 2 years ago
• saaramar / iOS_memory_exhaustion_writeup

  View on GitHub
  ☆20May 24, 2021Updated 4 years ago
• pinauten / CryptexManager

  View on GitHub
  CryptexManager is an open-source replacement for cryptexctl
  ☆19May 16, 2022Updated 3 years ago
• mattstevens / lsquery

  View on GitHub
  A command line tool to query the Launch Services database
  ☆15Jul 28, 2018Updated 7 years ago
• skr0x1c0 / binja_kc

  View on GitHub
  Plugin for loading MachO kernelcache and dSYM files to Binary Ninja
  ☆40Mar 23, 2025Updated 11 months ago
• Proteas / sep-misc-A10-14.1-18A8395

  View on GitHub
  some research results of sep
  ☆20Apr 9, 2021Updated 4 years ago
• palera1n / ibootpatch2

  View on GitHub
  iboot patcher to be used with magicalcatnyan
  ☆16Dec 28, 2022Updated 3 years ago
• Siguza / nordump

  View on GitHub
  Apple Silicon NOR dumper
  ☆49Nov 8, 2023Updated 2 years ago
• ributzka / tapi

  View on GitHub
  Open source drop of TAPI
  ☆40Sep 7, 2017Updated 8 years ago
• NSAntoine / printents

  View on GitHub
  ☆17Dec 18, 2022Updated 3 years ago
• externalist / presentations

  View on GitHub
  Some presentations I did in the past
  ☆65Apr 17, 2023Updated 2 years ago
• malus-security / ios-sandbox-profiles

  View on GitHub
  Reversed iOS sandbox profile files
  ☆24Jun 6, 2020Updated 5 years ago
• sektioneins / sandbox_toolkit

  View on GitHub
  Toolkit for binary iOS / OS X sandbox profiles
  ☆146Nov 2, 2015Updated 10 years ago
• jonpalmisc / objc-kb

  View on GitHub
  Notes on the Objective-C ABI and related topics
  ☆52Nov 20, 2023Updated 2 years ago
• jevinskie / m1n1-xnu-boot

  View on GitHub
  A bootloader and experimentation playground for Apple Silicon. Modified to boot XNU/macOS kernels.
  ☆19Dec 25, 2021Updated 4 years ago
• NyanSatan / kanzitools

  View on GitHub
  Set of tools to interact with various aspects of Kanzi probe and its derivatives
  ☆56Sep 11, 2025Updated 5 months ago
• jevinskie / jevmachopp

  View on GitHub
  Modern C++, range-based Mach-O parser designed for embedded use. Uses stack allocations only.
  ☆34Oct 31, 2022Updated 3 years ago
• apple-oss-distributions / Security

  View on GitHub
  ☆117Jan 8, 2026Updated last month
• bazad / blanket

  View on GitHub
  CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesign…
  ☆258Nov 13, 2018Updated 7 years ago
• NyanSatan / checkm8_bootkit

  View on GitHub
  Boot arbitrary iBoot via ipwndfu's custom protocol on 32-bit platforms (and more)
  ☆65Dec 21, 2025Updated 2 months ago
• xerub / reexport

  View on GitHub
  Reexport symbols for Mach-O and ELF
  ☆38Mar 2, 2018Updated 8 years ago
• 0xbf00 / simbple

  View on GitHub
  macOS Sandbox Profile Language (SBPL) Interpreter
  ☆57May 24, 2020Updated 5 years ago
• Siguza / dt

  View on GitHub
  DeviceTree
  ☆80Oct 12, 2024Updated last year
• gdbinit / llvmpatches

  View on GitHub
  Misc llvm patches
  ☆23Jul 17, 2021Updated 4 years ago
• synacktiv / CVE-2021-1782

  View on GitHub
  ☆39Feb 10, 2021Updated 5 years ago
• cellebrite-labs / ida_kernelcache

  View on GitHub
  An IDA Toolkit for analyzing iOS kernelcaches.
  ☆110May 15, 2025Updated 9 months ago
• malus-security / sandblaster

  View on GitHub
  Reversing the Apple sandbox
  ☆251Apr 24, 2025Updated 10 months ago
• zhuowei / HvDecompile

  View on GitHub
  Decompiling macOS Hypervisor.framework by hand
  ☆134Sep 13, 2022Updated 3 years ago
• cellebrite-labs / PacXplorer

  View on GitHub
  IDA plugin to find code cross references to virtual functions using PAC codes
  ☆147Mar 16, 2022Updated 3 years ago
• gergelykalman / CVE-2023-32364-macos-app-sandbox-escape

  View on GitHub
  Exploit for CVE-2023-32364
  ☆22Sep 26, 2023Updated 2 years ago
• blacktop / go-hypervisor

  View on GitHub
  Apple Hypervisor.framework bindings for Golang
  ☆35Jan 12, 2026Updated last month
• synacktiv / CVE-2021-3492

  View on GitHub
  PoC for CVE-2021-3492 used at Pwn2Own 2021
  ☆42Aug 3, 2021Updated 4 years ago
• Vector35 / BinaryNinjaImporter

  View on GitHub
  ☆27Oct 19, 2018Updated 7 years ago
• Soulghost / play_with_siguza_first_0day

  View on GitHub
  a toy to play with siguza's very first 0 day - sandbox escape
  ☆19Dec 10, 2020Updated 5 years ago
• Siguza / misc

  View on GitHub
  ☆37Feb 19, 2025Updated last year
• jsherman212 / xnuspy

  View on GitHub
  an iOS kernel function hooking framework for checkra1n'able devices
  ☆582Oct 6, 2021Updated 4 years ago
• JonathanSeals / Ancient-iBoot-Fun

  View on GitHub
  iOS 5.x iBoot fun for the whole family!
  ☆43Apr 23, 2020Updated 5 years ago
• redpig / patient0

  View on GitHub
  Runtime code injection suite for exploring OS X process security
  ☆40Jun 1, 2009Updated 16 years ago