I already announced on Twitter that I would publish a paper about another stack overflow in the Bluetooth stack on most Mac OS X versions.
Unfortunately I fu..ed up my WordPress instance in a way that makes it a real pain to publish new articles, omg!!!!!
So I will cut it short for you:
os / version: Darwin xxx.local 14.3.0 Darwin Kernel Version 14.3.0: Thu Jan 22 23:54:42 PST 2015; root:xnu-2782.20.26~5/RELEASE_X86_64 x86_64 (10.10.3 – 14D72i)
affected: /usr/sbin/blued | md5 – 49bcb97d371d64c798cf25ba2f977440
xpc: 4121 and 4122
offsets to have a look at: 0x446b0, 0x446c3, 0x4470b
If you are familiar with exploitation you will quickly discover what's going wrong here.
@apple-sec-team in paris: thumbs up for the good work you guys do! 😉
I’m looking forward to seeing if one of you guys manages to exploit that one, hehe.
Have a nice day!
mitp0sh of [PDX]
p.s. – this is not limited to Yosemite; older versions are also affected.