CVE-2021-30657 PoC — Apple macOS 安全特征问题漏洞

Source

https://github.com/shubham0d/CVE-2021-30657

Associated Vulnerability

Title:Apple macOS 安全特征问题漏洞 (CVE-2021-30657)
Description:Apple macOS是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。 macOS 存在安全特征问题漏洞，该漏洞源于Gatekeeper检查中的逻辑问题。以下产品及版本受到影响：macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91 。

Description

A sample POC for CVE-2021-30657 affecting MacOS

Readme

# CVE-2021-30657
A simple POC for CVE-2021-30657 affecting MacOS
## Vulnerability detail
A vulnerability in `syspolicyd` allows specially crafted application bundle downloaded from internet to <br/>
bypass foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization. <br/>
Armed with this capability attackers could hack macOS systems with a simple user (double)-click.

## Usage
Put your desireable shell script in `payload.sh`.<br/>
Execute `setup.sh` <br/>
This will generate a bait.dmg that will contain our malicious app bundle.<br/>
Share it to the victim through internet. <br/>
When victim will double click on app icon after mounting dmg, it will execute the payload script without any gatekeeper's checks.

## Affected version
* macOS Big Sur < 11.3
* Security Update Catalina < 2021-002

## Technical details
https://objective-see.com/blog/blog_0x64.html

File Snapshot


 [4.0K]  /data/pocs/803e0a2b990838e5376ee0e8c639e010fcd5b6ca
├── [1.0K]  LICENSE
├── [ 187]  payload.sh
├── [ 897]  README.md
└── [ 223]  setup.sh

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!