Quest for an Exploit using QL

September 13, 2019


Semmle security researcher Kevin Backhouse explains how he used QL to find an exploitation path for a bug that he had discovered in Apple's ICMP packet-handling code. Check out this PoC for CVE-2018-4407 in the Apple XNU kernel.