MacOS\iOS эксплойты

weaver · 10.04.2019

В этой ветке будут выкладываться эксплойты под MacOS и iOS (Jailbreak) ...

Бэкграунд инфо: https://googleprojectzero.blogspot.com/2019/04/splitting-atoms-in-xnu.html
PoC exploit for iOS 12.0 on iPhone Xs

1728 - project-zero - Project Zero - Monorail

bugs.chromium.org

weaver · 01.05.2019

iOS kernel exploit for iOS 11 - 12.1.2
https://github.com/PsychoTea/machswap

unc0ver jailbreak for iOS 11.0 - 12.1.2

GitHub - pwn20wndstuff/Undecimus: unc0ver jailbreak for iOS 11.0 - 12.4

unc0ver jailbreak for iOS 11.0 - 12.4. Contribute to pwn20wndstuff/Undecimus development by creating an account on GitHub.

github.com

weaver · 05.08.2019

Три эксплойта которые позволяют удаленно выполнить на устройстве произвольный код без участия пользователя. Для осуществления атаки достаточно лишь отправить на устройство жертвы особым образом сконфигурированное сообщение. Как только сообщение будет открыто и просмотрено, на устройстве выполнится вредоносный код.

Apple iOS/watchOS/tvOS
PoC RCE exploit - CVE-2019-8647

Apple watchOS 10.1.1
Apple watchOS 5.2.1
Apple watchOS 5.1.3
Apple watchOS 5.1.2
Apple watchOS 4.3.2
Apple watchOS 4.3.1
Apple watchOS 3.1.3
Apple watchOS 3.1.1
Apple watchOS 2.2.2
Apple watchOS 2.2.1
Apple watchOS 2.0.1
Apple watchOS 1.0.1
Apple watchOS 5
Apple watchOS 4.3
Apple watchOS 4.2.3
Apple watchOS 4.2.2
Apple watchOS 4.2
Apple watchOS 4.1
Apple watchOS 4
Apple watchOS 3.2.3
Apple watchOS 3.2.2
Apple watchOS 3.2.1
Apple watchOS 3.2
Apple watchOS 3.1
Apple watchOS 3.0
Apple watchOS 3
Apple watchOS 2.2
Apple watchOS 2.1
Apple watchOS 2.0
Apple watchOS 12.4
Apple watchOS 1.0
Apple tvOS 12.2.1
Apple tvOS 12.1.2
Apple tvOS 12.1.1
Apple tvOS 11.4.1
Apple tvOS 11.2.6
Apple tvOS 11.2.5
Apple tvOS 10.1.1
Apple tvOS 10.0.1
Apple tvOS 9.2.2
Apple tvOS 9.2.1
Apple tvOS 9.1.1
Apple tvOS 9.2
Apple tvOS 9.1
Apple tvOS 9.0
Apple tvOS 12.3
Apple tvOS 12
Apple tvOS 11.4
Apple tvOS 11.2.1
Apple tvOS 11.2
Apple tvOS 11.1
Apple tvOS 11
Apple tvOS 10.2.2
Apple tvOS 10.2.1
Apple tvOS 10.2
Apple tvOS 10.1
Apple tvOS 10
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 3 0
Apple iOS 12.1.4
Apple iOS 12.1.3
Apple iOS 12.1.1
Apple iOS 12.0.1
Apple iOS 11.4.1
Apple iOS 10.2.1
Apple iOS 10.0.1
Apple iOS 9.3.4
Apple iOS 9.3.3
Apple iOS 9.3.2
Apple iOS 9.3.1
Apple iOS 9.2.1
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.3.5
Apple iOS 9.3
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple iOS 12.3
Apple iOS 12.2
Apple iOS 12.1
Apple iOS 12
Apple iOS 11.4
Apple iOS 11.3.1
Apple iOS 11.3
Apple iOS 11.2.6
Apple iOS 11.2.5
Apple iOS 11.2.2
Apple iOS 11.2.1
Apple iOS 11.2
Apple iOS 11.1
Apple iOS 11
Apple iOS 10.3.3
Apple iOS 10.3.2
Apple iOS 10.3.1
Apple iOS 10.3
Apple iOS 10.2
Apple iOS 10.1
Apple iOS 10

Apple macOS/watchOS/iOS/tvOS
PoC RCE exploit- CVE-2019-8660

Apple watchOS 5.2.1
Apple watchOS 5.1.3
Apple watchOS 5.1.2
Apple watchOS 4.3.2
Apple watchOS 4.3.1
Apple watchOS 3.1.3
Apple watchOS 3.1.1
Apple watchOS 2.2.2
Apple watchOS 2.2.1
Apple watchOS 2.0.1
Apple watchOS 1.0.1
Apple watchOS 5
Apple watchOS 4.3
Apple watchOS 4.2.3
Apple watchOS 4.2.2
Apple watchOS 4.2
Apple watchOS 4.1
Apple watchOS 4
Apple watchOS 3.2.3
Apple watchOS 3.2.2
Apple watchOS 3.2.1
Apple watchOS 3.2
Apple watchOS 3.1
Apple watchOS 3.0
Apple watchOS 3
Apple watchOS 2.2
Apple watchOS 2.1
Apple watchOS 2.0
Apple watchOS 1.0
Apple Watch Sport 0
Apple Watch Hermes 0
Apple Watch Edition 0
Apple tvOS 12.2.1
Apple tvOS 12.1.2
Apple tvOS 12.1.1
Apple tvOS 11.4.1
Apple tvOS 11.2.6
Apple tvOS 11.2.5
Apple tvOS 10.1.1
Apple tvOS 10.0.1
Apple tvOS 9.2.2
Apple tvOS 9.2.1
Apple tvOS 9.1.1
Apple tvOS 9.2
Apple tvOS 9.1
Apple tvOS 9.0
Apple tvOS 12.3
Apple tvOS 12
Apple tvOS 11.4
Apple tvOS 11.2.1
Apple tvOS 11.2
Apple tvOS 11.1
Apple tvOS 11
Apple tvOS 10.2.2
Apple tvOS 10.2.1
Apple tvOS 10.2
Apple tvOS 10.1
Apple tvOS 10
Apple TV 0
Apple macOS 10.14.5
Apple macOS 10.14.4
Apple macOS 10.14.3
Apple macOS 10.14.2
Apple macOS 10.14.1
Apple macOS 10.13.6
Apple macOS 10.13.1
Apple macOS 10.14
Apple macOS 10.13.5
Apple macOS 10.13.4
Apple macOS 10.13.3
Apple macOS 10.13.2
Apple macOS 10.13
Apple macOS 10.12.6
Apple macOS 10.12.5
Apple macOS 10.12.4
Apple macOS 10.12.3
Apple macOS 10.12.2
Apple macOS 10.12.1
Apple macOS 10.12
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 3 0
Apple iOS 12.1.4
Apple iOS 12.1.3
Apple iOS 12.1.1
Apple iOS 12.0.1
Apple iOS 11.4.1
Apple iOS 10.2.1
Apple iOS 10.0.1
Apple iOS 9.3.4
Apple iOS 9.3.3
Apple iOS 9.3.2
Apple iOS 9.3.1
Apple iOS 9.2.1
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.3.5
Apple iOS 9.3
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple iOS 12.3
Apple iOS 12.2
Apple iOS 12.1
Apple iOS 12
Apple iOS 11.4
Apple iOS 11.3.1
Apple iOS 11.3
Apple iOS 11.2.6
Apple iOS 11.2.5
Apple iOS 11.2.2
Apple iOS 11.2.1
Apple iOS 11.2
Apple iOS 11.1
Apple iOS 11
Apple iOS 10.3.3
Apple iOS 10.3.2
Apple iOS 10.3.1
Apple iOS 10.3
Apple iOS 10.2
Apple iOS 10.1
Apple iOS 10

Apple macOS/watchOS/iOS/tvOS
PoC RCE exploit - CVE-2019-8662

Apple watchOS 5.2.1
Apple watchOS 5.1.3
Apple watchOS 5.1.2
Apple watchOS 4.3.2
Apple watchOS 4.3.1
Apple watchOS 3.1.3
Apple watchOS 3.1.1
Apple watchOS 2.2.2
Apple watchOS 2.2.1
Apple watchOS 2.0.1
Apple watchOS 1.0.1
Apple watchOS 5
Apple watchOS 4.3
Apple watchOS 4.2.3
Apple watchOS 4.2.2
Apple watchOS 4.2
Apple watchOS 4.1
Apple watchOS 4
Apple watchOS 3.2.3
Apple watchOS 3.2.2
Apple watchOS 3.2.1
Apple watchOS 3.2
Apple watchOS 3.1
Apple watchOS 3.0
Apple watchOS 3
Apple watchOS 2.2
Apple watchOS 2.1
Apple watchOS 2.0
Apple watchOS 1.0
Apple Watch Sport 0
Apple Watch Hermes 0
Apple Watch Edition 0
Apple tvOS 12.2.1
Apple tvOS 12.1.2
Apple tvOS 12.1.1
Apple tvOS 11.4.1
Apple tvOS 11.2.6
Apple tvOS 11.2.5
Apple tvOS 10.1.1
Apple tvOS 10.0.1
Apple tvOS 9.2.2
Apple tvOS 9.2.1
Apple tvOS 9.1.1
Apple tvOS 9.2
Apple tvOS 9.1
Apple tvOS 9.0
Apple tvOS 12.3
Apple tvOS 12
Apple tvOS 11.4
Apple tvOS 11.2.1
Apple tvOS 11.2
Apple tvOS 11.1
Apple tvOS 11
Apple tvOS 10.2.2
Apple tvOS 10.2.1
Apple tvOS 10.2
Apple tvOS 10.1
Apple tvOS 10
Apple TV 0
Apple macOS 10.14.5
Apple macOS 10.14.4
Apple macOS 10.14.3
Apple macOS 10.14.2
Apple macOS 10.14.1
Apple macOS 10.13.6
Apple macOS 10.13.1
Apple macOS 10.14
Apple macOS 10.13.5
Apple macOS 10.13.4
Apple macOS 10.13.3
Apple macOS 10.13.2
Apple macOS 10.13
Apple macOS 10.12.6
Apple macOS 10.12.5
Apple macOS 10.12.4
Apple macOS 10.12.3
Apple macOS 10.12.2
Apple macOS 10.12.1
Apple macOS 10.12
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 3 0
Apple iOS 12.1.4
Apple iOS 12.1.3
Apple iOS 12.1.1
Apple iOS 12.0.1
Apple iOS 11.4.1
Apple iOS 10.2.1
Apple iOS 10.0.1
Apple iOS 9.3.4
Apple iOS 9.3.3
Apple iOS 9.3.2
Apple iOS 9.3.1
Apple iOS 9.2.1
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.3.5
Apple iOS 9.3
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple iOS 12.3
Apple iOS 12.2
Apple iOS 12.1
Apple iOS 12
Apple iOS 11.4
Apple iOS 11.3.1
Apple iOS 11.3
Apple iOS 11.2.6
Apple iOS 11.2.5
Apple iOS 11.2.2
Apple iOS 11.2.1
Apple iOS 11.2
Apple iOS 11.1
Apple iOS 11
Apple iOS 10.3.3
Apple iOS 10.3.2
Apple iOS 10.3.1
Apple iOS 10.3
Apple iOS 10.2
Apple iOS 10.1
Apple iOS 10

Следующие два эксплойта позволяют получить доступ к содержимому памяти устройства и удаленно читать файлы. Для осуществления атаки никаких действий со стороны жертвы не требуется.

Apple watchOS
PoC - CVE-2019-8624

Apple watchOS 10.1.1
Apple watchOS 5.2.1
Apple watchOS 5.1.3
Apple watchOS 5.1.2
Apple watchOS 4.3.2
Apple watchOS 4.3.1
Apple watchOS 3.1.3
Apple watchOS 3.1.1
Apple watchOS 2.2.2
Apple watchOS 2.2.1
Apple watchOS 2.0.1
Apple watchOS 1.0.1
Apple watchOS 5
Apple watchOS 4.3
Apple watchOS 4.2.3
Apple watchOS 4.2.2
Apple watchOS 4.2
Apple watchOS 4.1
Apple watchOS 4
Apple watchOS 3.2.3
Apple watchOS 3.2.2
Apple watchOS 3.2.1
Apple watchOS 3.2
Apple watchOS 3.1
Apple watchOS 3.0
Apple watchOS 3
Apple watchOS 2.2
Apple watchOS 2.1
Apple watchOS 2.0
Apple watchOS 12.4
Apple watchOS 1.0

Apple macOS/watchOS/iOS/tvOS
PoC - CVE-2019-8646

Apple watchOS 5.2.1
Apple watchOS 5.1.3
Apple watchOS 5.1.2
Apple watchOS 4.3.2
Apple watchOS 4.3.1
Apple watchOS 3.1.3
Apple watchOS 3.1.1
Apple watchOS 2.2.2
Apple watchOS 2.2.1
Apple watchOS 2.0.1
Apple watchOS 1.0.1
Apple watchOS 5
Apple watchOS 4.3
Apple watchOS 4.2.3
Apple watchOS 4.2.2
Apple watchOS 4.2
Apple watchOS 4.1
Apple watchOS 4
Apple watchOS 3.2.3
Apple watchOS 3.2.2
Apple watchOS 3.2.1
Apple watchOS 3.2
Apple watchOS 3.1
Apple watchOS 3.0
Apple watchOS 3
Apple watchOS 2.2
Apple watchOS 2.1
Apple watchOS 2.0
Apple watchOS 1.0
Apple Watch Sport 0
Apple Watch Hermes 0
Apple Watch Edition 0
Apple tvOS 12.2.1
Apple tvOS 12.1.2
Apple tvOS 12.1.1
Apple tvOS 11.4.1
Apple tvOS 11.2.6
Apple tvOS 11.2.5
Apple tvOS 10.1.1
Apple tvOS 10.0.1
Apple tvOS 9.2.2
Apple tvOS 9.2.1
Apple tvOS 9.1.1
Apple tvOS 9.2
Apple tvOS 9.1
Apple tvOS 9.0
Apple tvOS 12.3
Apple tvOS 12
Apple tvOS 11.4
Apple tvOS 11.2.1
Apple tvOS 11.2
Apple tvOS 11.1
Apple tvOS 11
Apple tvOS 10.2.2
Apple tvOS 10.2.1
Apple tvOS 10.2
Apple tvOS 10.1
Apple tvOS 10
Apple TV 0
Apple macOS 10.14.5
Apple macOS 10.14.4
Apple macOS 10.14.3
Apple macOS 10.14.2
Apple macOS 10.14.1
Apple macOS 10.13.6
Apple macOS 10.13.1
Apple macOS 10.14
Apple macOS 10.13.5
Apple macOS 10.13.4
Apple macOS 10.13.3
Apple macOS 10.13.2
Apple macOS 10.13
Apple macOS 10.12.6
Apple macOS 10.12.5
Apple macOS 10.12.4
Apple macOS 10.12.3
Apple macOS 10.12.2
Apple macOS 10.12.1
Apple macOS 10.12
Apple iPod Touch 0
Apple iPhone 0
Apple iPad 0
Apple iOS 5 0
Apple iOS 4 0
Apple iOS 3 0
Apple iOS 12.1.4
Apple iOS 12.1.3
Apple iOS 12.1.1
Apple iOS 12.0.1
Apple iOS 11.4.1
Apple iOS 10.2.1
Apple iOS 10.0.1
Apple iOS 9.3.4
Apple iOS 9.3.3
Apple iOS 9.3.2
Apple iOS 9.3.1
Apple iOS 9.2.1
Apple iOS 9.0.2
Apple iOS 9.0.1
Apple iOS 8.4.1
Apple iOS 7.2
Apple iOS 7.0.6
Apple iOS 7.0.5
Apple iOS 7.0.3
Apple iOS 7.0.2
Apple iOS 7.0.1
Apple iOS 6.3.1
Apple iOS 6.1.6
Apple iOS 6.1.4
Apple iOS 6.1.3
Apple iOS 4.2.1
Apple iOS 4.0.2
Apple iOS 4.0.1
Apple iOS 3.2.2
Apple iOS 3.2.1
Apple iOS 9.3.5
Apple iOS 9.3
Apple iOS 9.2
Apple iOS 9.1
Apple iOS 9
Apple iOS 8.4
Apple iOS 8.3
Apple iOS 8.2
Apple iOS 8.1.3
Apple iOS 8.1.2
Apple iOS 8.1.1
Apple iOS 8.1
Apple iOS 8
Apple iOS 7.1.2
Apple iOS 7.1.1
Apple iOS 7.1
Apple iOS 7.0.4
Apple iOS 7
Apple iOS 6.1
Apple iOS 6.0.2
Apple iOS 6.0.1
Apple iOS 6
Apple iOS 5.1.1
Apple iOS 5.1
Apple iOS 5.0.1
Apple iOS 5
Apple iOS 4.3.5
Apple iOS 4.3.4
Apple iOS 4.3.3
Apple iOS 4.3.2
Apple iOS 4.3.1
Apple iOS 4.3
Apple iOS 4.2.9
Apple iOS 4.2.8
Apple iOS 4.2.7
Apple iOS 4.2.6
Apple iOS 4.2.5
Apple iOS 4.2.10
Apple iOS 4.2
Apple iOS 4.1
Apple iOS 4
Apple iOS 3.2
Apple iOS 3.1
Apple iOS 3.0
Apple iOS 2.1
Apple iOS 2.0
Apple iOS 12.3
Apple iOS 12.2
Apple iOS 12.1
Apple iOS 12
Apple iOS 11.4
Apple iOS 11.3.1
Apple iOS 11.3
Apple iOS 11.2.6
Apple iOS 11.2.5
Apple iOS 11.2.2
Apple iOS 11.2.1
Apple iOS 11.2
Apple iOS 11.1
Apple iOS 11
Apple iOS 10.3.3
Apple iOS 10.3.2
Apple iOS 10.3.1
Apple iOS 10.3
Apple iOS 10.2
Apple iOS 10.1
Apple iOS 10

weaver · 20.08.2019

weaver сказал(а):

unc0ver jailbreak for iOS 11.0 - 12.1.2

Releases · pwn20wndstuff/Undecimus

unc0ver jailbreak for iOS 11.0 - 12.4. Contribute to pwn20wndstuff/Undecimus development by creating an account on GitHub.

github.com

Обновлено до iOS 12.4

weaver · 01.10.2019

«неисправляемый» джейлбрейк под названием "Checkm8" для iOS-устройств который сделан на базе аппаратной уязвимости

Данный джайилбрейк эксплуатирует неисправленную уязвимость в Apple Bootrom (SecureROM) – первом коде, который запускается во время загрузки iPhone и может предоставить доступ на уровне системы. Однако уязвимость в bootrom – это проблема на уровне аппаратного обеспечения, поэтому ее нельзя исправить с помощью обновления ПО.

GitHub - axi0mX/ipwndfu: open-source jailbreaking tool for many iOS devices

open-source jailbreaking tool for many iOS devices - axi0mX/ipwndfu

github.com

Джаилбрейк для iPhone 4s ( чип A5 ) , iPhone 8 , iPhone X ( чип A11 ).

Подробнее: https://www.securitylab.ru/news/501468.php
Технический анализ сплойта: https://xss.pro/threads/32709/

weaver · 26.02.2020

iOS 12.0-13.3 tfp0 (A8X)

GitHub - jakeajames/time_waste: iOS 12.0-13.3 tfp0

iOS 12.0-13.3 tfp0. Contribute to jakeajames/time_waste development by creating an account on GitHub.

github.com

Novel · 02.04.2020

CVE-2020-3843

Remote iOS/MacOS kernel heap corruption.
PoC: https://bugs.chromium.org/p/project...id=436673&signed_aid=mrYlWTTg9sud2yvwNadV4g==
Источник: https://bugs.chromium.org/p/project...urce=share&utm_medium=ios_app&utm_name=iossmf

Novel · 02.04.2020

CVE:POC. Password появится в поле с id
CVE-2020-9787:https://bugpoc.com/poc#bp-Ay2ea1QE
CVE-2020-9784 & CVE-2020-3887:https://bugpoc.com/poc#bp-t9C660OJ
CVE-2020-3864 :https://bugpoc.com/poc#bp-wkIedjRe
CVE-N/A:https://bugpoc.com/poc#bp-2ONzjAW6
CVE-N/A:http://bugpoc.com/poc#bp-HHAQuUYC

Искточник: https://www.ryanpickren.com/webcam-hacking

weaver · 29.08.2020

Odyssey Swift-based semi-untethered jailbreak
All A9-A13 devices on iOS 13.0-13.5

GitHub - Odyssey-Team/Odyssey: Odyssey Swift-based semi-untethered jailbreak

Odyssey Swift-based semi-untethered jailbreak. Contribute to Odyssey-Team/Odyssey development by creating an account on GitHub.

github.com

weaver · 01.03.2021

jailbreak unc0ver v.6.0 - iOS 11.0 <= 14.3

unc0ver

unc0ver.dev

peoplesort · 12.08.2023

weaver сказал(а):

unc0ver v.6.0 - iOS 11.0 <= 14.3

unc0ver обновлен до 8.0.2 (iOS 11.0 - 14.8)

peoplesort · 12.08.2023

TrollStore: На базе CVE-2022-26766 aka CoreTrust

ivan231 · 15.08.2023

peoplesort сказал(а):

TrollStore : Based on CVE -2022-26766 aka CoreTrust

you have that penetration?

peoplesort · 15.08.2023

ivan231 сказал(а):

you have that penetration?

TrollStore как раз на ней и реализована, за подробностями к Linus Henze (@LinusHenze)

Focus17 · 26.06.2024

GitHub - jprx/CVE-2024-27815: macOS/ XNU kernel buffer overflow. Introduced in macOS 14.0 (xnu-10002.1.13), fixed in macOS 14.5 (xnu-10063.121.3)

macOS/ XNU kernel buffer overflow. Introduced in macOS 14.0 (xnu-10002.1.13), fixed in macOS 14.5 (xnu-10063.121.3) - jprx/CVE-2024-27815

github.com

macOS/ XNU kernel buffer overflow. Introduced in macOS 14.0 (xnu-10002.1.13), fixed in macOS 14.5 (xnu-10063.121.3)

xvonfers · 04.08.2024

CVE-2024-27878: BoF -> ACE(зафикшена в macOS Sonoma 14.6).
"Универсальные, обратно совместимые ядерные R/W примитивы для систем macOS на базе ARM и Intel. PoC использует только существующие механизмы ядра и не требует сложных методов манипулирования памятью." - Tielei

Bash:

$clang CVE-2024-27878.m -o poc
$./poc

POCs/CVE-2024-27878/CVE-2024-27878.m at main · wangtielei/POCs

Contribute to wangtielei/POCs development by creating an account on GitHub.

github.com

MacOS\iOS эксплойты

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

HDD-drive

HDD-drive

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

31 c0 bb ea 1b e6 77 66 b8 88 13 50 ff d3

HDD-drive

HDD-drive

HDD-drive

HDD-drive

(L2) cache

RAID-массив