Full title: macOS cfprefsd Arbitrary File Write / Local Privilege Escalation Exploit 
Category: local exploits
Platform: macOS
This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an arbitrary file as root. By overwriting /etc/pam.d/login a user can then login as root with the login root command without a password.

# 0day.today @ http://0day.today/