CVE-2020-9971 Abusing XPC Service mechanism to elevate privilege in macOS/iOS
Author: Zhipeng Huo(@R3dF09) of Tencent Security Xuanwu Lab
0x0 Introduction
In this blog, I will detail an interesting logic vulnerability I found in the launchd process, in the way it manages XPC Services. It is easy to exploit and 100% stable for gaining high privilege in macOS/iOS. Because launchd is the most fundamental and important component in the OS, the vulnerability also works even from the most restricted app sandbox. The vulnerability should work on versions before macOS Big Sur and iOS 13.5.