Month of Apple Bugs - InputManager provided by the user. Code within the input manager will run under wheel privileges. In combination with diskutil and a wheel-writable setuid binary, this allows unprivileged users to gain root privileges. This is the proof of concept exploit that demonstrates this vulnerability.
↧
