This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
193bef4f6ec1463a50a80fcde4b59fa1
Gentoo Linux Security Advisory 201808-4 - Multiple vulnerabilities have been found in WebKitGTK+, the worst of which may lead to arbitrary code execution. Versions less than 2.20.4 are affected.
5f0385617a3cb454f5a2e9982381b1a2
Ubuntu Security Notice 3635-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
85531931d71d0277a373662193a6ba19
WebKitGTK+ versions prior to 2.20.0 suffer from various memory corruption vulnerabilities.
69f9b7066a3558144e6084f87e6aebee
Apple Security Advisory 2018-3-29-8 - iCloud for Windows 7.4 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
5159368594b492a7a1fa30f912b8bb64
Apple Security Advisory 2018-3-29-7 - iTunes 12.7.4 for Windows is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
0b10f3fc739228ad2a5ae93a2ff0fa41
Apple Security Advisory 2018-3-29-6 - Safari 11.1 is now available and addresses code execution and denial of service vulnerabilities.
fa287f9616cd902e6ae803074263bb14
Apple Security Advisory 2018-3-29-3 - tvOS 11.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
49e690c94aa097210c07843e80cb86ca
Apple Security Advisory 2018-3-29-2 - watchOS 4.3 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
296e3f458cbf5f44d50ba3eb77b4d1e5