This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
193bef4f6ec1463a50a80fcde4b59fa1Apple Security Advisory 2020-07-15-5 - Safari 13.1.2 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, and use-after-free vulnerabilities.
fae2dd75505f460f265a5bb0c506f1b7Apple Security Advisory 2020-07-15-4 - watchOS 6.2.8 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3d5d573fe7b211101f6cd780461624f6Apple Security Advisory 2020-07-15-3 - tvOS 13.4.8 is now available and addresses bypass, code execution, cross site scripting, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3f70ec352ebe5c029a760fd3924867c3Apple Security Advisory 2020-07-15-2 - macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra are now available and address buffer overflow, code execution, denial of service, out of bounds read, and out of bounds write vulnerabilities.
a61b35f8dbe9b3563ab08b9ba525a3caApple Security Advisory 2020-07-15-1 - iOS 13.6 and iPadOS 13.6 are now available and address buffer overflow, bypass, code execution, cross site scripting, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
930c08146b91758658c332bba05db932Apple iOS version 13.5.1 suffers from an issue where it is possible to circumvent the copy and paste restriction from the company profile to the private profile. Thus, it is possible to extract attachments that can be previewed ("Quick Look") in the native Mail client to any private app.
25b8c8457ca8a60d7a3cd815cbaafb53Apple Security Advisory 2020-06-01-4 - watchOS 6.2.6 is now available and addresses a code execution vulnerability.
97fcc3ee70140e4a6ac5a07f25f15d1fApple Security Advisory 2020-06-01-3 - tvOS 13.4.6 is now available and addresses a code execution vulnerability.
f33f5b55fa7b3a63074831376f1a02d9Apple Security Advisory 2020-06-01-2 - macOS Catalina 10.15.5 Supplemental Update, Security Update 2020-003 High Sierra are now available and address a code execution vulnerability.
ed0f632ce14109787056a63cbd9fb8a9Apple Security Advisory 2020-06-01-1 - iOS 13.5.1 and iPadOS 13.5.1 are now available and address a code execution vulnerability.
345ba38728f3e0788398c087f24abe34Apple Security Advisory 2020-05-26-4 - tvOS 13.4.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
81d9a3b413281addfed064bcea5fcab2Apple Security Advisory 2020-05-26-11 - Windows Migration Assistant 2.2.0.0 (v. 1A11) is now available and addresses a code execution vulnerability.
a39cc03e4fead835d7ca1474dea20d30Apple Security Advisory 2020-05-26-10 - iCloud for Windows 7.19 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
1914f521bdf896420dfcdb61d01d022fApple Security Advisory 2020-05-26-9 - iCloud for Windows 11.2 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
505d9135fc0282789086d7a39861e439Apple Security Advisory 2020-05-26-5 - watchOS 6.2.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
4c33fa712fc6587e6b2fc7aef5f0833bApple Security Advisory 2020-05-26-8 - iTunes 12.10.7 for Windows addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
291e94da2513acdd977e166aa42053c6Apple Security Advisory 2020-05-26-3 - macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address bypass, code execution, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
f886e2685c265c1b6943d183b100b952Apple Security Advisory 2020-05-26-7 - Safari 13.1.1 is now available and addresses code execution and cross site scripting vulnerabilities.
22da1b429e77c46ccafd69d8581e49f7Apple Security Advisory 2020-05-26-6 - watchOS 5.3.7 addresses a memory corruption vulnerability.
f331a7ace5f177db38b01383605e825bApple Security Advisory 2020-05-26-1 - iOS 13.5 and iPadOS 13.5 address bypass, code execution, cross site scripting, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
3bf84c95f1052ea67704c2a2f7179ba0Apple Security Advisory 2020-05-26-2 - iOS 12.4.7 addresses an out of bounds write vulnerability.
f5e16f5f58e9c69a6bb267396dc8a689Apple Security Advisory 2020-05-20-1 - Xcode 11.5 is now available and addresses an issue where a crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host.
550c1f832f43751d05f4ca8e901458c9Apple Security Advisory 2020-03-25-2 - iCloud for Windows 7.18 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
39167343a9b21807702bf6e531c441efApple Security Advisory 2020-03-25-1 - iCloud for Windows 10.9.3 is now available and addresses buffer overflow, code execution, and cross site scripting vulnerabilities.
7513798d3c60989e39a97e80b08eb05e
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed