关联漏洞
标题:多款Apple产品 Kernel 缓冲区错误漏洞 (CVE-2018-4407)Description:Apple macOS High Sierra等都是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。 Apple macOS Sierra 10.12.6版本和macOS High Sierra 10.13.6版本中的Kernel组件存在安全漏洞。攻击者可利用该漏洞执行任意代码(内存损坏)。
Description
Crash macOS and iOS devices with one packet
介绍
# CVE-2018-4407 reproduction
This is a simple reproduction of CVE-2018-4407, which allows you to crash macOS and iOS devices with OSes from before late 2018.
To use the program, replace `sourceStr` and `destStr` in *send_badopt.go* with your IP address and the victim's IP address, respectively. After running *send_badopt.go* for a few seconds, the victim's machine should crash.
See the original [writeup](https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407). Note that this writeup did not include the PoC script, so I had to derive a viable exploit myself.
文件快照
[4.0K] /data/pocs/d06662242d51309a1013f045276fa9ecc279b4af
├── [ 568] README.md
├── [4.0K] scripts
│ ├── [1.0K] ip_stats.sh
│ └── [ 376] listen.go
└── [1.4K] send_badopt.go
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 本地 POC 快照面向订阅用户开放;当原始来源失效或无法访问时,本地镜像作为订阅权益的一部分提供。
3. 持续抓取、验证、维护这份 POC 档案需要不少投入,因此本地快照已纳入付费订阅。您的订阅是让这份资料能继续走下去的关键,由衷感谢。 查看订阅方案 →