
CVE-2020-9802 PoC - Security vulnerability in multiple Apple products

Source
Associated Vulnerability
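Title: Security vulnerability in multiple Apple products (CVE-2020-9802)
Description: Apple iOS and related systems are products of Apple Inc. (USA). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. WebKit is a web browser engine component of these systems. The WebKit component in multiple Apple products contains a security vulnerability. An attacker can exploit it via specially crafted web content to execute arbitrary code. The following products and versions are affected: Apple watchOS before 6.2.5; tvOS before 13.4.5; iOS before 13.5; iPadOS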
Description
iOS browser exploit for CVE-2020-9802, an old JIT bug.
Readme
# jitsploitation
iOS browser exploit for CVE-2020-9802, an old JIT bug.


This is an exploit for a popular JIT compiler bug in the WebKit engine for macOS and iOS originally documented by Project Zero.
I re-implemented the exploit for this bug as an exercise in learning browser exploitation.

Video explanation: [How 1 Click can Hack your iPhone](https://www.youtube.com/watch?v=o6mVgygo-hk&t=34s)

### Credits

[ProjectZero blog](https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html)

[JakeBlair420 implementation](https://github.com/JakeBlair420/totally-not-spyware/blob/master/root/js/utils.js)
File Snapshot

[4.0K] /data/pocs/56326562d499035a96684d8122311cdfd89381d1
├── [ 18K] exploit.html
└── [ 617] README.md

1 directory, 2 files