CVE-2021-30657 PoC — Apple macOS 安全特征问题漏洞

Source

https://github.com/shubham0d/CVE-2021-30657

Associated Vulnerability

Title:Apple macOS 安全特征问题漏洞 (CVE-2021-30657)
Description:A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..

Description

A sample POC for CVE-2021-30657 affecting MacOS

Readme

# CVE-2021-30657
A simple POC for CVE-2021-30657 affecting MacOS
## Vulnerability detail
A vulnerability in `syspolicyd` allows specially crafted application bundle downloaded from internet to <br/>
bypass foundational macOS security features such as File Quarantine, Gatekeeper, and Notarization. <br/>
Armed with this capability attackers could hack macOS systems with a simple user (double)-click.

## Usage
Put your desireable shell script in `payload.sh`.<br/>
Execute `setup.sh` <br/>
This will generate a bait.dmg that will contain our malicious app bundle.<br/>
Share it to the victim through internet. <br/>
When victim will double click on app icon after mounting dmg, it will execute the payload script without any gatekeeper's checks.

## Affected version
* macOS Big Sur < 11.3
* Security Update Catalina < 2021-002

## Technical details
https://objective-see.com/blog/blog_0x64.html

File Snapshot


 [4.0K]  /data/pocs/803e0a2b990838e5376ee0e8c639e010fcd5b6ca
├── [1.0K]  LICENSE
├── [ 187]  payload.sh
├── [ 897]  README.md
└── [ 223]  setup.sh

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!