Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-44133 PoC — Apple macOS 安全漏洞

Source
https://github.com/yo-yo-yo-jbo/hm-surf
Associated Vulnerability
Title:Apple macOS 安全漏洞 (CVE-2024-44133)
Description:Apple macOS是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。 Apple macOS 15 版本存在安全漏洞,该漏洞源于在 MDM 管理的设备上,应用程序可能能够绕过某些隐私偏好设置。
Description
macOS CVE-2024-44133 evaluator of popular browsers
Readme
# HM-Surf evaluator
Evaluates susceptibility to [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133) of common macOS browsers.  
Also contains the HTML that takes a screenshot and downloads it along with location extraction.
![Screenshot](screenshot.png)

## Usage - evaluator
To run the evaluator, which evaluates [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133) on all common macOS browsers, run:

```shell
python3 -m pip install -r ./requirements.txt
./hm-surf-eval.py
```

Upon execution, the tool evaluates TCC bypassing capabilities of all common macOS browsers.

## Usage - HTML
The file [hm-surf.html](hm-surf.html) is an example HTML page that demontrates [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133).  
All it does is access the camera and location, presenting the location (with low accuracy, on purpose) and downloads the camera screenshot (but it could just as easily save it on a server).  
This file is *not* an exploit by itself, and requires Camera, Microphone and location access enabled for the browser, e.g. by a local attacker overriding the per-browser preferences.  
That capability can be assessed with the evaluator.  
To view the HTML page easily, you could use any tool, e.g. [htmlpreview](http://htmlpreview.github.io/?https://github.com/yo-yo-yo-jbo/hm-surf/blob/main/hm-surf.html).

## Coding
Coding an evaluator is quite easy - you inherit from `BrowserEvaluatorBase` and implement two methods:
- `get_browser_name` - retrieves a human-readable browser name.
- `evaluate` - gets the `username` and its `home_dir` and evaluates susceptibility. Returning `None` means browser is not susceptible, while returning a `BrowserResults` instance yields susceptible results.

Note there's also a `ChromiumEvaluatorBase` base class for Chromium-based browsers, which means you have to implement the usual `get_browser_name` and also a `get_preference_filepath` method that returns a preference file path for the given home directory. You do not have to implement `evaluate` for Chromium-based browsers, that's implemented by the base class.
File Snapshot

 [4.0K]  /data/pocs/1cae042dbf916d7417dd4d0b8112a9a66f1aea9f
├── [4.0K]  core
│   ├── [2.1K]  lib.py
│   ├── [7.2K]  printing.py
│   ├── [ 562]  singleton.py
│   ├── [2.5K]  sqlite_aux.py
│   └── [5.3K]  utils.py
├── [4.0K]  evaluators
│   ├── [3.3K]  apple_safari.py
│   ├── [ 594]  brave.py
│   ├── [2.1K]  chromium_base.py
│   ├── [ 603]  google_chrome.py
│   ├── [ 608]  microsoft_edge.py
│   ├── [2.7K]  mozilla_firefox.py
│   ├── [ 591]  opera.py
│   └── [ 577]  vivaldi.py
├── [2.4K]  hm-surf-eval.py
├── [2.8K]  hm-surf.html
├── [2.1K]  README.md
├── [  16]  requirements.txt
└── [511K]  screenshot.png

2 directories, 18 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.