CVE-2019-6225 PoC — Kernel buffer error vulnerability in multiple Apple products

Source
Associated Vulnerability
Title: Kernel buffer error vulnerability in multiple Apple products (CVE-2019-6225)
Description: A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2. A malicious application may be able to elevate privileges.
Description
iOS 12.0 -> 12.1.2 Incomplete Osiris Jailbreak with CVE-2019-6225 by GeoSn0w (FCE365)
Readme
# OsirisJailbreak12
iOS 12.0 -> 12.1.2 Incomplete Jailbreak with CVE-2019-6225

An incomplete iOS 12 jailbreak. For now it only runs the exploit, gets tfp0, gets root, escapes the sandbox, writes a test file to prove the sandbox was escaped, then resprings. Feel free to build on top of it as long as you respect the GPLv3 license.

4K devices are not supported for now. A12 and other 16K devices are.

### DEVELOPER JAILBREAK! NOT FOR THE GENERAL PUBLIC

### Demo video:
https://twitter.com/FCE365/status/1090770862238777344

### Credits:
<ul>
  <li> Jonathan Levin for QiLin and his books! </li>
  <li> Brandon Azad for the tfp0 exploit </li>  
  <li> Xerub(?) Patchfinder64 </li>
</ul>

### Me:
<ul>
  <li>GeoSn0w on Twitter: <a href="twitter.com/FCE365">@FCE365</a></li>
  <li>My YouTube channel: <a href="youtube.com/fce365official">iDevice Central</a></li>
</ul>
File Snapshot

[4.0K] /data/pocs/fb87252954e1f3911808be000384c71ad27b0e9a
├── [ 34K] LICENSE
├── [4.0K] osirisJB12
│   ├── [4.0K] Osiris
│   │   ├── [4.0K] Assets.xcassets
│   │   │   ├── [4.0K] AppIcon.appiconset
│   │   │   │   ├── [2.6K] Contents.json
│   │   │   │   ├── [3.6K] Icon-App-20x20@1x.png
│   │   │   │   ├── [5.4K] Icon-App-20x20@2x.png
│   │   │   │   ├── [7.6K] Icon-App-20x20@3x.png
│   │   │   │   ├── [4.3K] Icon-App-29x29@1x.png
│   │   │   │   ├── [7.3K] Icon-App-29x29@2x.png
│   │   │   │   ├── [ 11K] Icon-App-29x29@3x.png
│   │   │   │   ├── [5.4K] Icon-App-40x40@1x.png
│   │   │   │   ├── [9.9K] Icon-App-40x40@2x.png
│   │   │   │   ├── [ 16K] Icon-App-40x40@3x.png
│   │   │   │   ├── [ 16K] Icon-App-60x60@2x.png
│   │   │   │   ├── [ 26K] Icon-App-60x60@3x.png
│   │   │   │   ├── [9.5K] Icon-App-76x76@1x.png
│   │   │   │   ├── [ 21K] Icon-App-76x76@2x.png
│   │   │   │   ├── [ 23K] Icon-App-83.5x83.5@2x.png
│   │   │   │   └── [252K] ItunesArtwork@2x.png
│   │   │   ├── [ 62] Contents.json
│   │   │   ├── [4.0K] jb_wall.imageset
│   │   │   │   ├── [ 376] Contents.json
│   │   │   │   ├── [172K] jb_wall-1.jpg
│   │   │   │   ├── [172K] jb_wall-2.jpg
│   │   │   │   └── [172K] jb_wall.jpg
│   │   │   └── [4.0K] osiris.imageset
│   │   │       ├── [ 373] Contents.json
│   │   │       ├── [ 63K] osiris-1.png
│   │   │       ├── [ 63K] osiris-2.png
│   │   │       └── [ 63K] osiris.png
│   │   ├── [4.0K] exploit
│   │   │   ├── [ 710] kmem.c
│   │   │   ├── [ 450] kmem.h
│   │   │   ├── [4.0K] voucher_swap
│   │   │   │   ├── [1.6K] IOKitLib.h
│   │   │   │   ├── [1.6K] ipc_port.h
│   │   │   │   ├── [7.9K] kc_parameters.c
│   │   │   │   ├── [3.2K] kc_parameters.h
│   │   │   │   ├── [ 20K] kernel_alloc.c
│   │   │   │   ├── [9.8K] kernel_alloc.h
│   │   │   │   ├── [ 893] kernel_call.c
│   │   │   │   ├── [1.8K] kernel_call.h
│   │   │   │   ├── [3.2K] kernel_memory.c
│   │   │   │   ├── [2.3K] kernel_memory.h
│   │   │   │   ├── [1.8K] kernel_slide.c
│   │   │   │   ├── [ 781] kernel_slide.h
│   │   │   │   ├── [ 825] log.c
│   │   │   │   ├── [1.9K] log.h
│   │   │   │   ├── [ 687] mach_vm.h
│   │   │   │   ├── [1.4K] noncereboot.c
│   │   │   │   ├── [8.7K] pac.c
│   │   │   │   ├── [ 763] pac.h
│   │   │   │   ├── [4.6K] parameters.c
│   │   │   │   ├── [3.8K] parameters.h
│   │   │   │   ├── [1.6K] platform.c
│   │   │   │   ├── [1.5K] platform.h
│   │   │   │   ├── [8.1K] platform_match.c
│   │   │   │   ├── [1.8K] platform_match.h
│   │   │   │   ├── [ 22K] README
│   │   │   │   ├── [ 11K] user_client.c
│   │   │   │   ├── [1.6K] user_client.h
│   │   │   │   ├── [ 43K] voucher_swap.c
│   │   │   │   └── [ 227] voucher_swap.h
│   │   │   ├── [ 273] voucher_swap.c
│   │   │   └── [ 103] voucher_swap.h
│   │   ├── [1.7K] Info.plist
│   │   ├── [2.6K] IOKit.h
│   │   ├── [4.0K] Kern Utils
│   │   │   ├── [3.6K] exploit_additions.c
│   │   │   ├── [ 269] exploit_additions.h
│   │   │   ├── [5.0K] kexecute.c
│   │   │   ├── [ 223] kexecute.h
│   │   │   ├── [4.9K] kutils.c
│   │   │   ├── [ 571] kutils.h
│   │   │   ├── [ 335] offsetof.c
│   │   │   ├── [ 182] offsetof.h
│   │   │   └── [4.0K] osiris.imageset
│   │   │       ├── [ 373] Contents.json
│   │   │       ├── [ 63K] osiris-1.png
│   │   │       ├── [ 63K] osiris-2.png
│   │   │       └── [ 63K] osiris.png
│   │   ├── [ 209] main.m
│   │   ├── [4.0K] Offsets
│   │   │   ├── [1.2K] offsets.h
│   │   │   └── [3.1K] offsets.m
│   │   ├── [4.0K] Osiris Post
│   │   │   ├── [ 144] AppDelegate.h
│   │   │   ├── [2.0K] AppDelegate.m
│   │   │   ├── [4.0K] Base.lproj
│   │   │   │   ├── [2.9K] LaunchScreen.storyboard
│   │   │   │   └── [6.8K] Main.storyboard
│   │   │   ├── [2.7K] beginOsiris.c
│   │   │   ├── [ 732] beginOsiris.h
│   │   │   ├── [9.1K] QiLin.h
│   │   │   ├── [ 214] ViewController.h
│   │   │   └── [6.3K] ViewController.m
│   │   └── [4.0K] PatchFinder
│   │       ├── [ 19K] patchfinder64.c
│   │       └── [ 302] patchfinder64.h
│   └── [4.0K] Osiris12JB.xcodeproj
│       ├── [ 30K] project.pbxproj
│       └── [4.0K] project.xcworkspace
│           ├── [ 203] contents.xcworkspacedata
│           └── [4.0K] xcshareddata
│               └── [ 238] IDEWorkspaceChecks.plist
└── [ 864] README.md

17 directories, 91 files