At BayThreat last month, I gave an updated (and more much sober) version of my “Hacking at Mach Speed” presentation from SummerC0n. Now, since the 0day Mach RPC privilege de-escalation vulnerability has been fixed, I can include full details on it. The presentation is meant to give a walkthrough on how to identify and enumerate Mach RPC interfaces in bootstrap servers on Mac OS X. Why would you want to do this? Hint: there are other uses for these types of vulnerabilities besides gaining increased privileges on single-user Mac desktops. Enjoy!
- “Hacking at Mach 2!” (PDF)