Author: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
In this blog, I will detail an interesting logic vulnerability I found in the launchd process when it is managing XPC Services. It is easy to exploit and 100% stable for gaining high privileges on macOS/iOS. Because launchd is the most fundamental and important component in the OS, the vulnerability would also work even from the most restricted app sandbox. The vulnerability should work on versions before macOS Big Sur and iOS 13.5.