
CVE-2016-4669 PoC — Input Validation Error Vulnerability in the Kernel Component of Multiple Apple Products

Source
Associated Vulnerability
Title: Input Validation Error Vulnerability in the Kernel Component of Multiple Apple Products (CVE-2016-4669)
Description: An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
Description
Imperfect exploit code, for learning only :)
Readme
# CVE-2016-4669
Imperfect exploit code, for learning only :)

#1 How to build
Running `make` is all that is needed.

#2 What it does
If it runs successfully, you get root privileges. The success rate is not high, though.

#3 Overview
- Creates a dangling port fairly reliably.
- Cannot reliably get a port that holds root reused; roughly 1 in 10 attempts succeeds :(, possibly fewer.
- Not very stable and easily panics the kernel, so it is only useful for understanding and analysing the root cause of this vulnerability and the exploitation principle.
- I probably won't improve it any further, but I still hope someone more skilled can point out a more reliable triggering method.

#4 Writeup
[Here](http://turingh.github.io/2017/01/15/CVE-2016-7644-%E4%B8%89%E8%B0%88Mach-IPC/)

#5 Result of a successful run
![1](https://raw.githubusercontent.com/turingH/CVE-2016-4669/master/EFA15327-ED77-4B03-A898-29CB767A72B5.png)

File Snapshot

[4.0K] /data/pocs/ea5dbff0be21f2179dca83dd82e41b94b980f0f5
├── [311K] EFA15327-ED77-4B03-A898-29CB767A72B5.png
├── [ 54] Makefile
├── [ 10K] r3gister.c
├── [ 791] README.md
├── [ 11K] task.defs
├── [ 43K] task.h
├── [171K] taskServer.c
└── [182K] taskUser.c

0 directories, 8 files