Rootpipe Reborn (Part II): CVE-2019-8565 Feedback Assistant Race Condition


There is a general bug class on macOS. When a privileged (or loosely sandboxed) user-space process accepts an IPC message from an unprivileged or sandboxed client, it decides whether the requested operation is allowed by checking the client's code signature (bundle id, signing authority or entitlements). If that check identifies the client by process id, it can be bypassed with a pid reuse attack: a pid is not bound to one piece of code, since a process keeps its pid across exec() and pids of exited processes are recycled, so the code that gets verified need not be the code that sent the message.
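As an added illustration of that bug class (example code written for this page, not code from the post or from any of the affected products), here is the pid-keyed signature check a privileged XPC listener typically performs, next to the audit-token-keyed check that removes the pid reuse window. The requirement string, the bundle id com.example.client and the handle_event handler are hypothetical; xpc_connection_get_audit_token is private SPI rather than a public API, so it is declared by hand.

```objective-c
// Added example: pid-keyed vs audit-token-keyed peer validation for a
// privileged XPC service. Names marked "hypothetical" are assumptions.
#include <stdbool.h>
#include <mach/mach.h>
#include <xpc/xpc.h>
#include <Security/Security.h>

// Private SPI (not in a public header): copies the audit token the kernel
// attached to the peer's Mach messages into *token.
extern void xpc_connection_get_audit_token(xpc_connection_t conn, audit_token_t *token);

// Hypothetical requirement: only the Apple-signed app with this bundle id may talk to us.
static const char *kClientRequirement =
    "anchor apple generic and identifier \"com.example.client\"";

// Shared tail: check an already-resolved SecCodeRef against the requirement.
static bool code_satisfies_requirement(SecCodeRef code) {
    SecRequirementRef req = NULL;
    CFStringRef reqStr = CFStringCreateWithCString(NULL, kClientRequirement, kCFStringEncodingUTF8);
    bool ok = SecRequirementCreateWithString(reqStr, kSecCSDefaultFlags, &req) == errSecSuccess
           && SecCodeCheckValidity(code, kSecCSDefaultFlags, req) == errSecSuccess;
    if (req) CFRelease(req);
    CFRelease(reqStr);
    return ok;
}

// Resolve a guest by one attribute and validate it.
static bool guest_is_trusted(CFStringRef attrKey, CFTypeRef attrValue) {
    const void *keys[] = { attrKey };
    const void *vals[] = { attrValue };
    CFDictionaryRef attrs = CFDictionaryCreate(NULL, keys, vals, 1,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    SecCodeRef code = NULL;
    bool ok = SecCodeCopyGuestWithAttributes(NULL, attrs, kSecCSDefaultFlags, &code) == errSecSuccess
           && code_satisfies_requirement(code);
    if (code) CFRelease(code);
    CFRelease(attrs);
    return ok;
}

// VULNERABLE: the guest is looked up by pid. Between the client sending its
// message and this lookup the same pid can belong to different code (the
// sender exec()s into a validly signed binary, or exits and the pid is
// recycled), so the signature verified here is not the sender's signature.
static bool client_is_trusted_by_pid(xpc_connection_t conn) {
    pid_t pid = xpc_connection_get_pid(conn);
    CFNumberRef pidNum = CFNumberCreate(NULL, kCFNumberIntType, &pid);
    bool ok = guest_is_trusted(kSecGuestAttributePid, pidNum);
    CFRelease(pidNum);
    return ok;
}

// HARDENED: the guest is looked up by the kernel-supplied audit token, which
// carries the pid together with a per-exec "pid version" (val[7]), so a pid
// that was exec()ed over or reused since the message was sent no longer matches.
static bool client_is_trusted_by_audit_token(xpc_connection_t conn) {
    audit_token_t token;
    xpc_connection_get_audit_token(conn, &token);
    CFDataRef tokenData = CFDataCreate(NULL, (const UInt8 *)&token, sizeof(token));
    bool ok = guest_is_trusted(kSecGuestAttributeAudit, tokenData);
    CFRelease(tokenData);
    return ok;
}

// Hypothetical event handler of the privileged listener: gate every request
// on the audit-token check, never on the pid check.
static void handle_event(xpc_connection_t peer, xpc_object_t event) {
    if (xpc_get_type(event) != XPC_TYPE_DICTIONARY) return;
    if (!client_is_trusted_by_audit_token(peer)) {
        xpc_connection_cancel(peer);
        return;
    }
    // ... perform the privileged operation for the verified client ...
}
```

The two checks differ only in the guest attribute they key on; everything that follows (requirement evaluation, SecCodeCheckValidity) is identical, which is why the pid variant looks correct in review. On macOS 12 and later the same intent can be expressed without hand-rolled validation by calling xpc_connection_set_peer_code_signing_requirement on the listener connection with the requirement string, so that libxpc rejects non-matching peers before the handler ever runs.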


Rootpipe Reborn (Part I): TimeMachine Command Injection

macOS Mojave 10.14.4 patched two LPE flaws I reported:

Both are user-space XPC logic bugs that give simple, reliable root privilege escalation, much like the original Rootpipe. This write-up covers the command injection in the TimeMachine diagnose extension, which affects 10.12.x through 10.14.3.

Since this exploit is easy to understand and 100% reliable, please upgrade to 10.14.4 as soon as possible.

This talk revealed some very interesting LPE bugs in the system's diagnostic tools: $hell on Earth: From Browser to System Compromise — Black Hat

So I started looking at these services:


One-liner Safari Sandbox Escape Exploit

I am writing about a dead simple and reliable sandbox escape exploit that consists of a single line of code. Yes, I am sure it is an exploit, not just a PoC. It has nothing to do with iOS, so please stop asking me about that.

The bug was refactored away (or killed) before the beta release of Mojave. The latest vulnerable version is macOS High Sierra 10.13.6 (17G65).

Since it is part of a browser exploit chain, you need a renderer exploit to gain shellcode execution first. If you do not have one, disable SIP so you can debug, attach lldb to a running process, and use the following command:

po CFPreferencesSetAppValue(@"Label", @"You know what should be put here", [(id)NSHomeDirectory() stringByAppendingPathComponent:@"Library/LaunchAgents/evil.plist"])

This line writes a new plist under ~/Library/LaunchAgents. With the proper arguments you can launch Calculator, or anything else you like, after logging out and back in.

What the hell? Isn't writing a plist there supposed to be blocked by the sandbox?


CVE-2018-8412: MS Office 2016 for Mac Privilege Escalation via a Legacy Package

This issue affects Microsoft Office for Mac 2016, and SkypeForBusiness (

This report covers two main flaws:

  • Code signature validation bypass
  • Insecure installer module loading

CVE-2018-4991: Adobe Creative Cloud Desktop Local Privilege Escalation via Signature Bypass


The fix shipped in Adobe security bulletin APSB18-12:

Adobe Security Bulletin

This write-up only covers macOS, but the issue may also affect the Windows version.

Adobe Creative Cloud installs a daemon that runs as root:


It accepts XPC connections through an NSXPCConnection remote interface. A method handleAction:withReply: of the SMJobBlessHelper class is exposed to non-root processes. The messages are serialized as XML.