multicast_bytecopy

April 27, 2022 ยท View on GitHub

This code is published for security researchers, do not use this code for any purpose unless you know what you are doing.

multicast_bytecopy is a kernel r/w exploit for iOS 15.0 - 15.1.1 by @jaakerblom and the spiritual successor of multipath_kfree.

The exploit can be adapted to gain kernel r/w on prior iOS versions. This implementation is for iOS 15.0 - 15.1.1.

The bug exploited is CVE-2021-30937 patched in iOS 15.2. The code uses iokit.h by @s1guza and a couple of IOSurface definitions by @bazad.