The syscalls involved are in a lot of sandboxes, so worst (or best, depending on your point of view) case scenario it's a pretty universal privesc. There's a lot of steps to get there though. I'm not super familiar with the mbuf subsystem specifically but I'm going to guess mbufs are in their own allocator zone. That means you're guaranteed to overwrite an adjacent m_hdr structure. Those contains pointers that form a linked list and at first glance I don't see linked list hardening or zone checks in the MBUF macros. One could envision being able to turn this bug into a kASLR leak as well as a kernel r/w primitive and while that isn't the silver bullet it used to be on XNU (because of a whole host of hardening Apple put in) it's still pretty powerful.
Posting the hash to twitter as a proof that "something" exists reveals no actual information, so it's not considered making the exploit "public" in any meaningful way.
From the blog's timeline, it's been visible in code diffs since ~April, but only called out as a CVE since 10 days ago, so I'd consider this one hot off the presses.
There is a bigger chance that a toddler smashing a keyboard finds a bug than gpt5. LLMs can't understand intent, so they literally work like `grep` with little to no understanding of the context, so most of the time it will false flag good code.
There are already a lot of tools already to find bugs, like fuzzers, but I am sure that LLMs won't be one of them.
lgdskhglsa|1 year ago
jprx|1 year ago
bartvk|1 year ago
Also, this has been public for months:
- February 17, 2024: I posted the hash of TURPENTINE.c to X on Feb 17, 2024.
- May 13, 2024: macOS Sonoma 14.5 (23F79) shipped with xnu-10063.121.3, the first public release containing a fix.
axoltl|1 year ago
TheDong|1 year ago
Posting the hash to twitter as a proof that "something" exists reveals no actual information, so it's not considered making the exploit "public" in any meaningful way.
From the blog's timeline, it's been visible in code diffs since ~April, but only called out as a CVE since 10 days ago, so I'd consider this one hot off the presses.
unknown|1 year ago
[deleted]
0757630110|1 year ago
[deleted]
throwaway71271|1 year ago
[deleted]
chad1n|1 year ago
There are already a lot of tools already to find bugs, like fuzzers, but I am sure that LLMs won't be one of them.
lpapez|1 year ago
Half of the work in fixing a bug report is getting a reproducible example. Nay, more than half.
If there was a magic AI which could generate exploits, I'd imagine there would be an equally magic AI patching the holes right out.
saagarjha|1 year ago
mschuster91|1 year ago
Oh, I remember the "XDCC SEND KEYLOGGER 0 0 0" exploit from IRC era ~2010... dumbass middleboxes would yeet anyone whose packets crossed them.
jiveturkey|1 year ago