POC详情: 1cae042dbf916d7417dd4d0b8112a9a66f1aea9f

来源
https://github.com/yo-yo-yo-jbo/hm-surf
关联漏洞
标题: Apple macOS 安全漏洞 (CVE-2024-44133)
描述:Apple macOS是美国苹果(Apple)公司的一套专为Mac计算机所开发的专用操作系统。 Apple macOS 15 版本存在安全漏洞,该漏洞源于在 MDM 管理的设备上,应用程序可能能够绕过某些隐私偏好设置。
描述
macOS CVE-2024-44133 evaluator of popular browsers
介绍
# HM-Surf evaluator
Evaluates susceptibility to [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133) of common macOS browsers.  
Also contains the HTML that takes a screenshot and downloads it along with location extraction.
![Screenshot](screenshot.png)

## Usage - evaluator
To run the evaluator, which evaluates [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133) on all common macOS browsers, run:

```shell
python3 -m pip install -r ./requirements.txt
./hm-surf-eval.py
```

Upon execution, the tool evaluates TCC bypassing capabilities of all common macOS browsers.

## Usage - HTML
The file [hm-surf.html](hm-surf.html) is an example HTML page that demontrates [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133).  
All it does is access the camera and location, presenting the location (with low accuracy, on purpose) and downloads the camera screenshot (but it could just as easily save it on a server).  
This file is *not* an exploit by itself, and requires Camera, Microphone and location access enabled for the browser, e.g. by a local attacker overriding the per-browser preferences.  
That capability can be assessed with the evaluator.  
To view the HTML page easily, you could use any tool, e.g. [htmlpreview](http://htmlpreview.github.io/?https://github.com/yo-yo-yo-jbo/hm-surf/blob/main/hm-surf.html).

## Coding
Coding an evaluator is quite easy - you inherit from `BrowserEvaluatorBase` and implement two methods:
- `get_browser_name` - retrieves a human-readable browser name.
- `evaluate` - gets the `username` and its `home_dir` and evaluates susceptibility. Returning `None` means browser is not susceptible, while returning a `BrowserResults` instance yields susceptible results.

Note there's also a `ChromiumEvaluatorBase` base class for Chromium-based browsers, which means you have to implement the usual `get_browser_name` and also a `get_preference_filepath` method that returns a preference file path for the given home directory. You do not have to implement `evaluate` for Chromium-based browsers, that's implemented by the base class.
文件快照

 [4.0K]  /data/pocs/1cae042dbf916d7417dd4d0b8112a9a66f1aea9f
├── [4.0K]  core
│   ├── [2.1K]  lib.py
│   ├── [7.2K]  printing.py
│   ├── [ 562]  singleton.py
│   ├── [2.5K]  sqlite_aux.py
│   └── [5.3K]  utils.py
├── [4.0K]  evaluators
│   ├── [3.3K]  apple_safari.py
│   ├── [ 594]  brave.py
│   ├── [2.1K]  chromium_base.py
│   ├── [ 603]  google_chrome.py
│   ├── [ 608]  microsoft_edge.py
│   ├── [2.7K]  mozilla_firefox.py
│   ├── [ 591]  opera.py
│   └── [ 577]  vivaldi.py
├── [2.4K]  hm-surf-eval.py
├── [2.8K]  hm-surf.html
├── [2.1K]  README.md
├── [  16]  requirements.txt
└── [511K]  screenshot.png

2 directories, 18 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。