Comment - A particularly 'sus' sysctl in the XNU Kernel

A particularly 'sus' sysctl in the XNU Kernel

Created on 2025-01-24 06:18, updated on 2025-01-24 06:18, by Cédric Bonhomme

JSON CVE-2024-54507

vulnerability:exploitability=documented vulnerability:information=PoC

Timeline

September 16, 2024: macOS 15.0 Sequoia was released with xnu-11215.1.10, the first public kernel release with this bug.
Fall 2024: I reported this bug to Apple.
December 11, 2024: macOS 15.2 and iOS 18.2 were released, fixing this bug, and assigning CVE-2024-54507 to this issue.

Related vulnerabilities

CVE-2024-54507

Meta

[
  {
    "tags": [
      "vulnerability:exploitability=documented",
      "vulnerability:information=PoC"
    ]
  }
]