关联漏洞
标题:多款Apple产品CoreGraphics 整数溢出漏洞 (CVE-2014-4481)Description:Apple iOS、Apple OS X和Apple TV都是美国苹果(Apple)公司的产品。Apple iOS是为移动设备所开发的一套操作系统;Apple OS X是为Mac计算机所开发的一套专用操作系统;Apple TV是一款高清电视机顶盒产品。CoreGraphics是一个iOS内置的绘图框架。 多款Apple产品的CoreGraphics中存在整数溢出漏洞,该漏洞源于程序没有正确处理PDF文件。攻击者可利用该漏洞执行任意代码,或造成拒绝服务(应用程序崩溃)。以下产品和版本受到影响:Apple i
Description
Apple CoreGraphics framework fails to validate the input when parsing CCITT group 3 encoded data resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input resulting in arbitrary code execution in the context of Mobile Safari.
介绍
CoreGraphics CCITT Memory Corruption - CVE-2014-4481
====================================================
Apple CoreGraphics framework fails to validate the input when parsing CCITT group 3 encoded data resulting in a heap overflow condition. A small heap memory allocation can be overflowed with controlled data from the input resulting in arbitrary code execution in the context of Mobile Safari
Summary
========
* Title: Apple CoreGraphics Memory Corruption
* CVE Name: CVE-2014-4481
* Permalink: http://blog.binamuse.com/2015/01/coregraphics-ccitt-memory-corruption.html
* Date published: 2015-01-27
* Date of last update: 2015-01-27
* Class: Client side / Integer Overflow / Memory Corruption
* Advisory: HT204245
文件快照
[4.0K] /data/pocs/b8323fdc616af40cb33d2219fae33552539626f6
├── [132K] AppleCoreGraphicsCCITTVuln.pdf
├── [4.0K] cgi-bin
│ └── [ 89] crash.pdf
├── [ 652] index.html
├── [3.9K] miniPDF.py
├── [ 19K] mkCrash.py
├── [ 722] README.md
└── [ 622] run.py
1 directory, 7 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →