Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-9922 PoC — 多款 Apple 产品授权问题漏洞

Source
https://github.com/Wowfunhappy/Fix-Apple-Mail-CVE-2020-9922
Associated Vulnerability
Title:多款 Apple 产品授权问题漏洞 (CVE-2020-9922)
Description:Apple macOS Mojave等都是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。 多款 Apple 版本存在安全漏洞,该漏洞源于处理恶意的电子邮件可能导致写入任意文件。以下产品及版本受到影响:Apple macOS Mojave,Apple macOS High Sierra,Apple macOS Catalina
Readme
# Fix-Apple-Mail-CVE-2020-9922

Apple Mail has a scary zero-click vulnerability. Versions of OS X prior to High Sierra were not patched. https://mikko-kenttala.medium.com/zero-click-vulnerability-in-apples-macos-mail-59e0c14b106c

I made this quickly and only tested it on Mavericks. I don't see any reason for it to _not_ work on other OS's, but that definitely does not mean that it will!

If you use this, feel free to open issues to tell me how it is or isn't working, because that's always cool to hear! However, I am unlikely to actually fix anything unless you're running OS X 10.9, because Mavericks is special! <3

Download from https://jonathanalland.com/old-osx-projects.html
File Snapshot

 [4.0K]  /data/pocs/523caeeb8f9f4bc3191297956ab8d20d65a2da03
├── [4.0K]  MailSecFix
│   ├── [ 932]  Info.plist
│   └── [4.0K]  ZKSwizzle
│       ├── [7.1K]  ZKSwizzle.h
│       └── [ 11K]  ZKSwizzle.m
├── [4.0K]  MailSecFix.xcodeproj
│   ├── [9.3K]  project.pbxproj
│   ├── [4.0K]  project.xcworkspace
│   │   ├── [ 155]  contents.xcworkspacedata
│   │   └── [4.0K]  xcuserdata
│   │       └── [4.0K]  jonathan.xcuserdatad
│   │           └── [ 18K]  UserInterfaceState.xcuserstate
│   └── [4.0K]  xcuserdata
│       └── [4.0K]  jonathan.xcuserdatad
│           └── [4.0K]  xcschemes
│               ├── [2.7K]  MailSecFix.xcscheme
│               └── [ 482]  xcschememanagement.plist
├── [ 650]  main.m
└── [ 687]  README.md

9 directories, 10 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.