How OS X 10.11.6 – ROOT Exploit Works (Explained)

In today's video I will show you a great OS X exploit for root privilege escalation, and we're going to analyze how it works: what the vulnerability behind it is and how the exploit is implemented.
This powerful exploit spawns a root shell whether the account it is started from is an Administrator or a limited account.

This video is intended for those who want to get to know OS X better, or for aspiring security researchers. The vulnerability behind this resides in dyld, the dynamic linker on OS X. The exploit opens the sudoers file, which holds the permission information for every user account on OS X. The sudoers file is normally owned by root, so an ordinary user cannot edit it. This exploit is pretty interesting, as it takes only two lines of code to implement.
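Because the exploit's target is the sudoers file, a defender can audit that file after the fact. The sketch below is an added example, not code from the video or from Apple: it checks that the file is still owned by root and not writable by anyone else, and lists rules that grant every command without a password. The function names, the constructed sample and the choice of a `NOPASSWD: ALL` rule as the thing to flag are assumptions made for illustration.

```python
import os
import re
import stat

# Rule granting every command without a password, e.g. "user ALL=(ALL) NOPASSWD: ALL"
NOPASSWD_ALL = re.compile(
    r"^(\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD\s*:\s*ALL$")

# Constructed sample, not taken from a real system.
SAMPLE = """\
# sudoers file (constructed)
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
guest   ALL=(ALL) NOPASSWD: ALL   # unexpected entry
"""

def check_metadata(uid, mode):
    """Flag ownership or permission bits that let a non-root user edit the file."""
    findings = []
    if uid != 0:
        findings.append("owner uid is %d, expected 0 (root)" % uid)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others: %s" % oct(stat.S_IMODE(mode)))
    return findings

def find_passwordless_all(text):
    """Return (line number, principal) for each passwordless ALL rule.
    Heuristic: ignores line continuations, aliases and #include files."""
    hits = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        line = re.sub(r"\s+#.*$", "", line)  # drop trailing comment
        m = NOPASSWD_ALL.match(line)
        if m:
            hits.append((n, m.group(1)))
    return hits

def audit(path="/etc/sudoers"):
    """Audit a real file; reading /etc/sudoers itself requires root."""
    st = os.stat(path)
    with open(path) as fh:
        rules = find_passwordless_all(fh.read())
    return check_metadata(st.st_uid, st.st_mode), rules

if __name__ == "__main__":
    print(find_passwordless_all(SAMPLE))
```

Any principal reported by `find_passwordless_all` should be compared against the rules the administrator actually intended; a legitimate configuration may contain such entries.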

==Resources==
Dyld Documentation: https://github.com/opensource-apple/dyld
newgrp Documentation: https://goo.gl/z7OsUP
Stefan Esser's Official Documentation: https://goo.gl/t2nQai
Reverse Engineering Playlist: https://goo.gl/j3vjqp


 

GeoSn0w
