http://matasanochargen.disqus.com/enTue, 03 Oct 2006 00:30:58 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320726<p>Nemo published some related work in Uninformed back in March. He did a good job of explaining the core fundamentals of the Mach subsystem in OSX and demonstrated various methods of subverting the BSD security features using the Mach subsystem. Definitely a good read.</p>rjohnsonTue, 03 Oct 2006 00:30:58 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320725<p>Great work. Privilege chaining issues are cool.</p>Steve ChristeyMon, 02 Oct 2006 14:59:38 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320724<p>Vendor disclosure's not broken!</p>NateMon, 02 Oct 2006 10:44:39 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320723<p>Hello Ilja,</p><p>I wouldn't be surprised if there are some way older slightly less-than-public exploits for it also, the bug has been around for a long while. Once I get NeXTSTEP 3.3 running in a VM, I'll see if they had the bug also :).</p>DinoMon, 02 Oct 2006 10:12:44 -0000http://www.matasano.com/log/530/matasano-advisory-macos-x-mach-exception-server-privilege-escalation/#comment-2320722<p>there's been a public exploit out for this bug for about a year I think. Nice apple finally fixed it :)</p>iljaMon, 02 Oct 2006 00:04:00 -0000