9 matches found
Safari Webkit JIT Exploit for iOS 7.1.2
This module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we download and...
Safari Webkit For iOS 7.1.2 JIT Optimization Bug Exploit
This Metasploit module exploits a JIT optimization bug in Safari Webkit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit CVE-2016-4669 that obtains kernel rw, obtains root and disables code signing. Finally we...
Safari Webkit For iOS 7.1.2 JIT Optimization Bug
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Webkit JIT Exploit for iOS 7.1.2', 'Description' = %q This module exploits a JIT optimization bug in Safari Webkit. This allows us to writ...
Apple iOS / macOS - Sandbox Escape due to mach Message sent from Shared Memory Exploit
Exploit for multiple platforms in category dos / poc. Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory. iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client...
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client that there's data available in the queue. As a client we can modify this mach message such that the server hidd on MacOS,...
Deja-XNU
Posted by Ian Beer, Google Project Zero. This blog post revisits an old bug found by Pangu Team and combines it with a new, albeit very similar issue I recently found to try to build a "perfect" exploit for iOS 7.1.2. State of the art: An idea I've wanted to play with for a while is to revisit old...
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service Vulnerability
Exploit for iOS platform in category dos / poc. #!/usr/bin/perl -w -- coding: utf-8 - + Title: Viber Non-Printable Characters Handling Denial of Service Vulnerability + Product: Viber + Vendor: http://www.viber.com/en/ + SoftWare Link :...
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service
Viber 4.2.0 - Non-Printable Characters Handling Denial of Service. #!/usr/bin/perl -w -- coding: utf-8 - + Title: Viber Non-Printable Characters Handling Denial of Service Vulnerability + Product: Viber + Vendor: http://www.viber.com/en/ + SoftWare Link :...
Viber 4.2.0 Denial Of Service
#!/usr/bin/perl -w -- coding: utf-8 - + Title: Viber Non-Printable Characters Handling Denial of Service Vulnerability + Product: Viber + Vendor: http://www.viber.com/en/ + SoftWare Link : https://itunes.apple.com/app/viber-free-phone-calls/id382617920?mt=8 + Vulnerable Versions: Viber 4.2.0 on IO...