by pit 3953 days ago
I'm running 10.10.4, and it just crashed my Mac -- the "A problem has occurred" screen -- followed by a forced restart.
2 comments

If I run echo '' | ./tpwn in a loop on 10.10.4, I get a kernel panic about 0.5% of the time, so you might have just gotten really unlucky.
Yep, same result here on 10.10.4 heh.
Interesting. I am on 10.10.4 myself, and that's the OS I tested it on.

tpwn has been tested from 10.9 to 10.10.5, but of course, your mileage may vary. the KASLR leak part is not 100% reliable, unlike the actual code execution which is. I'd be interested in panic logs to sort the issue out, if you could share.

You are not vulnerable since you have SMAP!
what's SMAP? can't find info anywhere. edit: ok, found, cpu security feature. so it's possible this issue is mitigated on newer CPUs?
well, this bug is a null pointer dereference. smap is like -no_shared_cr3, but without the performance loss.