Hacker News
by qwertyoruiop 3957 days ago
Interesting. I am on 10.10.4 myself, and that's the OS I tested it on.

tpwn has been tested from 10.9 to 10.10.5, but of course, your mileage may vary. the KASLR leak part is not 100% reliable, unlike the actual code execution which is. I'd be interested in panic logs to sort the issue out, if you could share.

2 comments

You are not vulnerable since you have SMAP!
what's SMAP? can't find info anywhere. edit: ok, found, cpu security feature. so it's possible this issue is mitigated on newer CPUs?
well, this bug is a null pointer dereference. smap is like -no_shared_cr3, but without the performance loss.