http://matasanochargen.disqus.com/enTue, 03 Oct 2006 00:30:58 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320726Nemo published some related work in Uninformed back in March. He did a good job of explaining the core fundamentals of the Mach subsystem in OSX and demonstrated various methods of subverting the BSD security features using the Mach subsystem. Definitely a good read.rjohnsonTue, 03 Oct 2006 00:30:58 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320725Great work. Privilege chaining issues are cool.Steve ChristeyMon, 02 Oct 2006 14:59:38 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320724Vendor disclosure's not broken!NateMon, 02 Oct 2006 10:44:39 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320723Hello Ilja,<br><br>I wouldn't be surprised if there are some way older slightly less-than-public exploits for it also, the bug has been around for a long while. Once I get NeXTSTEP 3.3 running in a VM, I'll see if they had the bug also :).DinoMon, 02 Oct 2006 10:12:44 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320722there's been a public exploit out for this bug for about a year I think. Nice apple finally fixed it :)iljaMon, 02 Oct 2006 00:04:00 -0000