The iOS 11 mptcp bug (CVE-2018-4241) discovered by Ian Beer is a serious kernel vulnerability which involves a buffer overflow in mptcp_usr_connectx that allows attackers to execute arbitrary code in a privileged context. Ian Beer attached an interesting piece of PoC code which demonstrated a rather elegant technique to obtain the kernel task port with this vulnerability. Extending on his brief writeup that comes with the PoC, this blog post will mainly aim at walking through the PoC in great details as well as covering its background. If you are an iOS security researcher who hasn’t looked into the PoC source code yet, hopefully you will find the materials handy when you decide to do so.

source: grugq

After exploiting a browser, you still need a kernel exploit to break out of the sandbox. And so...

A Detailed Description of CVE-2016-0176 and Its Exploitation

This vulnerability is in dxgkrnl.sys driver, and it is a heap overflow vulnerability.