Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-9802 PoC — 多款Apple产品安全漏洞

Source
https://github.com/Billy-Ellis/jitsploitation
Associated Vulnerability
Title:多款Apple产品安全漏洞 (CVE-2020-9802)
Description:A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
Description
iOS browser exploit for CVE-2020-9802, an old JIT bug.
Readme
# jitsploitation
iOS browser exploit for CVE-2020-9802, an old JIT bug.


This is an exploit for a popular JIT compiler bug in the WebKit engine for macOS and iOS originally documented by Project Zero.
I re-implemented the exploit for this bug as an exercise in learning browser exploitation.

Video explanation: [How 1 Click can Hack your iPhone](https://www.youtube.com/watch?v=o6mVgygo-hk&t=34s)

### Credits

[ProjectZero blog](https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html)

[JakeBlair420 implementation](https://github.com/JakeBlair420/totally-not-spyware/blob/master/root/js/utils.js)
File Snapshot

 [4.0K]  /data/pocs/56326562d499035a96684d8122311cdfd89381d1
├── [ 18K]  exploit.html
└── [ 617]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →