Skip to content

enty8080/MacDirtyCow

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 

Repository files navigation

MacDirtyCow

Example of CVE-2022-46689 aka MacDirtyCow.

What?

MacDirtyCow is a privilege escalation vulnerability in macOS, similar to the Dirty COW vulnerability in Linux. The vulnerability resides in the copy-on-write (COW) mechanism used by macOS's XNU kernel. The vulnerability allows an attacker to modify read-only root-owned files, which could lead to an attacker gaining root privileges on the affected system.

The vulnerability is caused by a race condition in the way macOS's XNU kernel handles copy-on-write (COW) operations on memory pages. When a memory page is marked read-only, but also marked as copy-on-write, the kernel will create a new copy of the page when a write operation is performed on the page. However, there is a small window of time between the read-only page being checked and the new copy being created where an attacker could modify the page in memory, effectively bypassing the read-only restriction.

PoC

This code (poc.c) opens a file specified as a command line argument and maps it into memory using mmap(). It then creates a copy of the file and modifies the memory-mapped copy of the file by filling it with the character 'A'. Finally, the original file is overwritten with the modified copy of the file.

Releases

No releases published

Packages

No packages published

Languages