Apple just released iOS 9.3.2 and fixed one kernel heap overflow in IOHIDFamily. We independently found this bug several months ago. The vulnerable code was imported in Mac OS X 10.2 (released in 2002) and it has affected almost all Apple devices (e.g., MacBook, iPhone, iPad, Apple Watch) for 15 years.
>vulnerabilities every month
>fbi "can't get into iphone"
>I never worked on the Mac OS X kernel before, but it seems like the IOHID interface family is provided to access the touch screen or physical buttons of a device.
Not exactly convenient to exploit if target's phone's already locked.
>Reminds me of a lulzy man-page
OS/X AND DARWIN BUGS
The whole thing is a bug if you ask me - basically any system interface you touch is broken, whether it is locales, poll, kqueue or even the OpenGL drivers.
"kqueue" is buggy
The kqueue syscall is broken in all known versions - most versions support only sockets, many support pipes.
Libev tries to work around this by not using "kqueue" by default on this rotten platform, but of course you can still ask for it when creating a loop - embedding a socket-only kqueue loop into a select-based one is probably going to work well.
"poll" is buggy
Instead of fixing "kqueue", Apple replaced their (working) "poll" implementation by something calling "kqueue" internally around the 10.5.6 release, so now "kqueue" and "poll" are broken.
Libev tries to work around this by not using "poll" by default on this rotten platform, but of course you can still ask for it when creating a loop.
"select" is buggy
All that's left is "select", and of course Apple found a way to fuck this one up as well: On OS/X, "select" actively limits the number of file descriptors you can pass in to 1024 - your program suddenly crashes when you use more.
There is an undocumented "workaround" for this - defining "_DARWIN_UNLIMITED_SELECT", which libev tries to use, so select should work on OS/X.
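The select() limit the man page complains about has a memory-safety angle worth seeing in code: the FD_SET() macro indexes a fixed bitmap of FD_SETSIZE bits, so passing a descriptor number at or above FD_SETSIZE writes outside the fd_set, which is why a program "suddenly crashes" rather than failing cleanly. The following is an added example, not code from the thread or from libev: a guarded FD_SET wrapper that refuses out-of-range descriptors, plus a constructed pipe-based demonstration. The names safe_fd_set, build_read_set and demo are my own; `_DARWIN_UNLIMITED_SELECT` is the macro named in the quoted man page, and defining it on a non-Darwin system is assumed to be inert.

```c
/* Added example (not from the thread or from libev): guard FD_SET so that a
 * descriptor >= FD_SETSIZE is rejected instead of overflowing the fd_set.
 * On Darwin, select() also rejects nfds > FD_SETSIZE unless
 * _DARWIN_UNLIMITED_SELECT is defined before the headers are included. */
#define _DARWIN_UNLIMITED_SELECT 1 /* assumed inert on non-Darwin platforms */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Returns 0 and sets the bit on success; returns -1 with errno = EINVAL and
 * leaves the set untouched when fd would fall outside the bitmap. */
int safe_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Build a read set from an array of descriptors, refusing the whole batch if
 * any descriptor does not fit. Returns nfds (highest fd + 1) or -1. */
int build_read_set(const int *fds, size_t n, fd_set *set)
{
    int nfds = 0;
    FD_ZERO(set);
    for (size_t i = 0; i < n; i++) {
        if (safe_fd_set(fds[i], set) != 0)
            return -1;
        if (fds[i] + 1 > nfds)
            nfds = fds[i] + 1;
    }
    return nfds;
}

/* Demonstration on constructed input: a pipe holding one byte is reported
 * readable, and a batch containing an out-of-range descriptor number is
 * rejected before any bit is written past the end of the fd_set.
 * Returns 1 when both checks behave as intended, 0 or -1 otherwise. */
int demo(void)
{
    int p[2];
    fd_set rd;
    if (pipe(p) != 0)
        return -1;
    if (write(p[1], "x", 1) != 1)
        return -1;

    int fds[1] = { p[0] };
    int nfds = build_read_set(fds, 1, &rd);
    if (nfds < 0)
        return -1;
    struct timeval tv = { 0, 0 }; /* poll once, do not block */
    int ready = select(nfds, &rd, NULL, NULL, &tv);
    int readable = (ready == 1 && FD_ISSET(p[0], &rd));

    int bad[2] = { p[0], FD_SETSIZE + 7 }; /* constructed out-of-range fd */
    int rejected = (build_read_set(bad, 2, &rd) == -1 && errno == EINVAL);

    close(p[0]);
    close(p[1]);
    return (readable && rejected) ? 1 : 0;
}

int main(void)
{
    printf("demo: %s\n", demo() == 1 ? "ok" : "failed");
    return 0;
}
```

The check belongs in the caller, not in select(): by the time select() can complain about nfds, FD_SET() has already written to memory it does not own. Where descriptor numbers can legitimately exceed FD_SETSIZE, the robust fix is to use poll() or kqueue() (where they work) or to allocate an oversized fd_set explicitly, rather than relying on the undocumented macro.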