This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
193bef4f6ec1463a50a80fcde4b59fa1
This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.
2e9ddb1606e5ec0f3068837fa5919c6c
An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not a NSString.
fb007a18977fff5d77770c60f17d53df
Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
ee209f50afa19dc15f5533506c05c21c
Symantec Mobile Encryption for iPhone version 2.1.0 suffers from a denial of service vulnerability.
6cf7d1140119671e5354057be1a35099
WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.
d2e3e65707fc84afa1933bd0dcd2d5ca
Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.
da7440f7bf7a7876e69310fca0107eb5
A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.
84be806acc044302df636242b657b7ce
A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.
787a49feec5e44d9cffe71f5e9015a71
Transferable Remote version 1.1 for iPad and iPhone suffers from cross site scripting, remote command injection, and local file inclusion vulnerabilities.
1f6e924630624df2bb23a41e3a64c50c
Air Disk Wireless version 1.9 for iPad and iPhone suffers from local file inclusion and command injection vulnerabilities.
badc212990ea6ea624bcac068e3cebcb
The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.
98ef370a606a1bdfefb0f0de75168c75
This article explains the technical procedure and challenges involved in extracting data and artifacts from iPhone backups.
cabb3250f3d9b1bae831ae0e660a96ef
This whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
8527c3e88bfed9bdffcf0bcf1dbd7036
IPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.
baf9f8ad1ec36e375b28bc78fba8b6f1
Vopium for Android and iPhone leaks various data such as your password by passing it in the clear.
624744baa5cdb47240b0bfc201bee2b9
This is a brief whitepaper discussing how to perform forensics on iOS 5 on the iPhone.
782903866dd7d55143c6835188eda2fe
Whitepaper called Hacking Dispositivos iOS. It demonstrates how dangerous it is to be connected to a wireless network with an iOS device that has OpenSSH enabled. Written in Spanish.
ae05680dc6d82049bbe79bf2fac33be6
iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.
b63ce126d747f94ec58cd93bc00718d0
Secunia Security Advisory - Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.
ce1d63f9833ac7bdd73666a3db1e6ec2
Secunia Security Advisory - A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.
131bf6f34af638bf6f3358a865f9b773
Zero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.
73c6d0ab44664ae2917de0b921def7d1
Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
1ece07f88e1f643b1604f4679937e4f6
The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.
c9bfe2ee19e3e87489a8fb44e3e826aa
Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.
5806a00d78c413e35d82e31be0490810