CVE-2017-2370 PoC — 多款Apple产品Kernel组件缓冲区错误漏洞

Source

https://github.com/Rootkitsmm-zz/extra_recipe-iOS-10.2

Associated Vulnerability

Title:多款Apple产品Kernel组件缓冲区错误漏洞 (CVE-2017-2370)
Description:Apple iOS、macOS Sierra、tvOS和watchOS都是美国苹果（Apple）公司的产品。Apple iOS是为移动设备所开发的一套操作系统；watchOS是一套智能手表操作系统。Kernel是其中的一个内核组件。多款Apple产品中的Kernel组件存在缓冲区溢出漏洞。攻击者可利用该漏洞以内核权限执行任意代码。以下产品和版本受到影响：Apple iOS 10.2.1之前的版本；Apple macOS Sierra 10.12.3之前的版本；Apple tvOS 10.1.1之前版本；

Description

CVE-2017-2370

Readme

# extra_recipe-iOS-10.2
CVE-2017-2370

Code & Exploit by ianbeer (https://bugs.chromium.org/p/project-zero/issues/detail?id=1004)

Fixed (https://support.apple.com/en-us/HT207482)

File Snapshot


 [4.0K]  /data/pocs/1dab89c696e4dc680abbdc1416ecbbafa7538a69
├── [4.0K]  extra_recipe
│   ├── [2.1K]  AppDelegate.swift
│   ├── [4.0K]  Assets.xcassets
│   │   └── [4.0K]  AppIcon.appiconset
│   │       └── [1.1K]  Contents.json
│   ├── [4.0K]  Base.lproj
│   │   ├── [1.7K]  LaunchScreen.storyboard
│   │   └── [1.7K]  Main.storyboard
│   ├── [ 117]  extra_recipe-Bridging-Header.h
│   ├── [1.4K]  Info.plist
│   ├── [ 17K]  jailbreak.c
│   ├── [ 472]  load_regs_and_crash.s
│   ├── [1.3K]  offsets.c
│   ├── [ 394]  offsets.h
│   ├── [4.8K]  README
│   └── [ 479]  ViewController.swift
├── [4.0K]  extra_recipe.xcodeproj
│   ├── [ 14K]  project.pbxproj
│   └── [4.0K]  project.xcworkspace
│       └── [ 157]  contents.xcworkspacedata
└── [ 180]  README.md

6 directories, 15 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!