Vulnerability & Exploit Database

Mac OS X IOKit Keyboard Driver Root Privilege Escalation

A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was patched silently in Yosemite.

Module Name

exploit/osx/local/iokit_keyboard_root

Authors

  • Ian Beer
  • joev <joev [at] metasploit.com>

References

Targets

  • Mac OS X 10.9.5 Mavericks x64 (Native Payload)

Platforms

  • osx

Architectures

  • x64

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/osx/local/iokit_keyboard_root
msf exploit(iokit_keyboard_root) > show targets
    ...targets...
msf exploit(iokit_keyboard_root) > set TARGET <target-id>
msf exploit(iokit_keyboard_root) > show options
    ...show and set options...
msf exploit(iokit_keyboard_root) > exploit

Related Vulnerabilities