Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-4407 PoC — 多款Apple产品 Kernel 缓冲区错误漏洞

Source
https://github.com/unixpickle/cve-2018-4407
Associated Vulnerability
Title:多款Apple产品 Kernel 缓冲区错误漏洞 (CVE-2018-4407)
Description:Apple macOS High Sierra等都是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。 Apple macOS Sierra 10.12.6版本和macOS High Sierra 10.13.6版本中的Kernel组件存在安全漏洞。攻击者可利用该漏洞执行任意代码(内存损坏)。
Description
Crash macOS and iOS devices with one packet
Readme
# CVE-2018-4407 reproduction

This is a simple reproduction of CVE-2018-4407, which allows you to crash macOS and iOS devices with OSes from before late 2018.

To use the program, replace `sourceStr` and `destStr` in *send_badopt.go* with your IP address and the victim's IP address, respectively. After running *send_badopt.go* for a few seconds, the victim's machine should crash.

See the original [writeup](https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407). Note that this writeup did not include the PoC script, so I had to derive a viable exploit myself.
File Snapshot

 [4.0K]  /data/pocs/d06662242d51309a1013f045276fa9ecc279b4af
├── [ 568]  README.md
├── [4.0K]  scripts
│   ├── [1.0K]  ip_stats.sh
│   └── [ 376]  listen.go
└── [1.4K]  send_badopt.go

1 directory, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.