Kernel memory disclosure in Apple iOS/macOS/watchOS

This repository contains two C source files implementing proof-of-concept exploits for CVE-2020-27950, a Mach port pointer leak vulnerability affecting Apple macOS and iOS. The file 'CVE-2020-27950_leak_port.c' is the main exploit, which manipulates Mach ports and messages to leak the kernel address of a Mach port, thereby bypassing KASLR and aiding further kernel exploitation. The file 'CVE-2020-27950_poc.c' is a simpler proof-of-concept that demonstrates the ability to leak a value from the Mach message trailer. Both files are standalone C programs intended to be compiled and run locally on a vulnerable system. The repository does not contain any network endpoints or remote attack vectors; exploitation requires local code execution. The README is minimal and simply identifies the CVE. The overall structure is straightforward, with each C file serving as an entry point for its respective exploit logic.

This repository provides a Bash script ('browser_crash.sh') and a README for exploiting CVE-2020-27950, a vulnerability in iOS WebKit, using Metasploit's 'webkit_backdrop_filter_blur' auxiliary module. The script automates the setup by checking for Metasploit and ngrok, installing ngrok if missing, and launching an ngrok tunnel to expose a local web server to the internet. It then starts Metasploit to serve a crafted web page that, when visited by a vulnerable browser (notably iOS WebKit, but reportedly also other browsers), causes the browser to crash (Denial of Service). The script outputs a public URL (via ngrok) to be sent to the target. The repository is structured simply, with the main exploit logic in the Bash script and usage instructions in the README. No fake or malicious destructive actions are present; the exploit is operational and automates a real DoS attack against browsers vulnerable to CVE-2020-27950.