This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel rw, obtains root and disables code signing. Finally we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
8ca4b125e9aba514f4d2bd3c12b5189f4dceafcaab577262cc602a11c87480fbThis repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.
fa8f560293640c4759f220069490d2498cf18f75ce1183b3ab8f77dd819585e5An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not a NSString.
386b80597a37e396ddf40dd708c4b4c2f1bb231ffc13b70144ae69977d215d60Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.
9c8b27fd5dc694419a2e1fe2acaec09a3a3748cecd6c755d74306abf2fa147f4Symantec Mobile Encryption for iPhone version 2.1.0 suffers from a denial of service vulnerability.
119082c8fba0ce625f4d888eb4ead0b157fe56329f2ffa4dd557451514b85c3cWordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.
4066792653efe187fcf02429adee45b20e2c070fa70ff0034e4116b8ff3d3b8bAir Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.
b8c61362492344b22533cf0c29ae89e1126382231a1db7c063c8dfffc085a1daA heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.
84bd76ba4dce1e485a3431a2c7bbd07c262e86f184ca05e0931fac224f9ab746A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.
14c94c8c5cb510aa3236b42b9618aa54726915b4e116afea229961e936fb158dTransferable Remote version 1.1 for iPad and iPhone suffers from cross site scripting, remote command injection, and local file inclusion vulnerabilities.
6877edbaf520d3096e1f6a36769dac53f740caf0b99e3898e1a5b85af18136efAir Disk Wireless version 1.9 for iPad and iPhone suffers from local file inclusion and command injection vulnerabilities.
6f2789cd45882d7450ce7572d4406c8d84c4b10091095db5ba30b7f40fd8ded1The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.
e23c89d44db9163f784b4ff04d606d1d56ae5646f4b6067a4cf9eb08c6eab232This article explains the technical procedure and challenges involved in extracting data and artifacts from iPhone backups.
91d87e6d4d62c26dfb2d234b849782b8cc383017bef870f2d1f7066ccb41ab9fThis whitepaper details some of the vulnerabilities observed over the past year while performing regular security assessments of iPhone and iPad applications. MDSec documents some of the vulnerabilities identified as well as the methods to exploit them, and recommendations that developers can adopt to protect their iOS applications. It covers not only the security features of the platform, but provides in depth information on how to perform both black box and white box iOS penetration tests, along with suggested methodologies and compliance.
334c947d960799417387ce8f1c27188fc7f859bd204b9dc50890663d07a20fbaIPhone TreasonSMS suffers from html injection and file inclusion vulnerabilities.
970c996aa7c982bb7a6e11f66d1c1cddee59c395b7871150919ec0fabb8a448bVopium for Android and iPhone leaks various data such as your password by passing it in the clear.
006feebf3184c898d414ea373175d64843914bb7e535369ca74b8aa5cfe9312bThis is a brief whitepaper discussing how to perform forensics on iOS 5 on the iPhone.
343b3862d39127f659978159079fb88e96475725f86982f827ebd28b23cbf412Whitepaper called Hacking Dispositivos iOS. It demonstrates how dangerous it is to be connected to a wireless network with an iOS device that has OpenSSH enabled. Written in Spanish.
69fe6147bbfce7aa1f1fda7be05564726198e6a7762c9a4c617c46545fd0da39iPhone/iPad Phone Drive version 1.1.1 suffers from a directory traversal vulnerability.
9ce0c276f2718f6d58f886cee41cf5f3c43da205d27b9901882eb2578567dd7fSecunia Security Advisory - Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device.
58241a550a74f073ce9e13066fa22ac36bdc09a8c6c0a69f7d4b774dc7e3caacSecunia Security Advisory - A vulnerability has been reported in Apple iPhone iOS, which can be exploited by malicious people to compromise a vulnerable device.
4ca404bb386a61c3ee07e03daf7c440fe7d870c7282ded69cdf586b1ead8c81aZero Day Initiative Advisory 11-109 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari on the iPhone. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the support for parsing Office files. When handling the OfficeArtMetafileHeader the process trusts the cbSize field and performs arithmetic on it before making an allocation. As the result is not checked for overflow, the subsequent allocation can be undersized. Later when copying into this buffer, memory can be corrupted leading to arbitrary code execution under the context of the mobile user on the iPhone.
0581a4c68f5e63d36a00736efee38f3d2bb3ee49ea8fb2e43d4cdad83da323dcCheckview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.
0c1c7c235e48be30034e09b5c091b9c55a816798098f00028fbecaed5480a878The Air Contacts Lite iPhone / iPod application suffers from a denial of service vulnerability.
036dcf267ec003320d5b64aad82a254c7e057c458b57b30432860f42451bad23Apple iPhone 4 with iOS 4.3 (8F190) suffers from a passphrase disclosure vulnerability that allows all local processes access to it.
50b3289c4489d4defcfdf5ed6c483a646482853dbb3b0aa3477ed046497aa078
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed