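Related vulnerability
Title:
Apple iOS and Apple iPadOS security vulnerability
(CVE-2024-44308)
Description: Apple iOS and Apple iPadOS are both products of Apple Inc. (USA). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions before 18.1.1 and Apple iPadOS versions before 18.1.1 contain a security vulnerability: processing maliciously crafted web content may lead to arbitrary code execution.
Description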
DFG register allocation bug in JavaScriptCore
Introduction
# cve-2024-44308
> Michael Goppert, Michael Jennings, and John Jennings
## Safety
This issue in WebKit was patched long before this proof-of-concept was released.
As such, it did not pose any danger to real users: the whole purpose is to document these kinds of exploits so that we know how to protect against them.
## Documentation
This repository has a writeup documenting our findings, as well as a presentation from our talk about it.
Find these in the `doc/` subdirectory.
## Building
Clone this repository into the WebKit checkout directory before using it.
I.e.,
```
git clone https://github.com/WebKit/WebKit.git
cd WebKit
git checkout c52da7c313795d61665253f23c9f298005549c73
git clone https://github.com/migopp/cve-2024-44308.git
```
Then, take a peek at the `Makefile` to get a feel for what is available.
File snapshot
[4.0K] /data/pocs/034fc4f99362a78978a031e03bc693355972a342
├── [7.7K] cve-2024-44308.js
├── [4.0K] doc
│ ├── [ 43K] cve-2024-44308.md
│ └── [1.4M] cve-2024-44308.slides.pdf
├── [3.3K] Makefile
├── [4.0K] patches
│ ├── [4.0K] debug
│ │ ├── [ 396] call-compile-fn.patch
│ │ ├── [ 386] check-regalloc.patch
│ │ ├── [ 502] generate-slowpath.patch
│ │ └── [1.7K] slowpath-jmp-fn.patch
│ └── [4.0K] release
│ ├── [ 404] call-compile-fn.patch
│ ├── [ 386] check-regalloc.patch
│ ├── [ 510] generate-slowpath.patch
│ └── [1.8K] slowpath-jmp-fn.patch
├── [ 843] README.md
└── [1.8K] trigger.js
4 directories, 14 files