I wrote a macOS LPE chain using only logic bugs a couple of months ago and now I can finally share it ^^
Here's my blogpost about the vulns and techniques I used: objective-see.com/blog/blog_…
And here's the code: github.com/A2nkF/unauthd
Excited to finally publish my lockdown project from earlier this year: an iOS zero-click radio proximity exploit odyssey.
googleprojectzero.blogspot.c…