
CVE-2018-4087 PoC: Apple iOS, tvOS and watchOS Core Bluetooth security vulnerability

Source
Associated Vulnerability
Title: Apple iOS, tvOS and watchOS Core Bluetooth security vulnerability (CVE-2018-4087)
Description: Apple iOS, tvOS and watchOS are products of the US company Apple. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smartwatch operating system. Core Bluetooth is a core Bluetooth component of these systems. The Core Bluetooth component in Apple iOS versions before 11.2.5, tvOS versions before 11.2.5 and watchOS versions before 4.2.2 contains a security vulnerability. A remote attacker can exploit this vulnerability to execute arbitrary code with system privileges or to cause a denial of service.
Description
CVE-2018-4087 PoC
Readme
[@RaniXCH](https://twitter.com/raniXCH)

# bluetoothdPoC

CVE-2018-4087 PoC

## ETA son? (Is it a jailbreak?)

Depends. Got a kernel vulnerability? You're welcome to chain them together. This one gives you a huge attack surface from within the sandbox.
https://www.weibo.com/ttarticle/p/show?id=2309404271293301154324 - @SparkZheng - iOS jailbreak internals (2): Escaping sandbox using callbacks



## References

https://blog.zimperium.com/new-crucial-vulnerabilities-apples-bluetoothd-daemon/

https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/


File Snapshot

[4.0K] /data/pocs/189b0f6d52e26dd18118779be69fe6e6bd83c40c
├── [4.0K] bluetoothdPoC
│   └── [7.3K] main.m
├── [7.2K] log
└── [ 589] README.md

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.