11
Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection

Rootpipe Reborn Part I: CVE-2019–8513 TimeMachine root command injection

7 years ago
Anonymous $9jpehmcKty

https://medium.com/0xcc/rootpipe-reborn-part-i-cve-2019-8513-timemachine-root-command-injection-47e056b3cb43

macOS Mojave 10.14.4 has patched two LPE flaws I reported:

They are both userspace XPC logic bugs, simple and reliable to get root privilege escalation, just like the Rootpipe. This writeup is for the command injection in TimeMachine diagnose extension, affects 10.12.x-10.14.3.