关联漏洞
描述
macOS CVE-2024-44133 evaluator of popular browsers
介绍
# HM-Surf evaluator
Evaluates susceptibility to [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133) of common macOS browsers.
Also contains the HTML that takes a screenshot and downloads it along with location extraction.

## Usage - evaluator
To run the evaluator, which evaluates [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133) on all common macOS browsers, run:
```shell
python3 -m pip install -r ./requirements.txt
./hm-surf-eval.py
```
Upon execution, the tool evaluates TCC bypassing capabilities of all common macOS browsers.
## Usage - HTML
The file [hm-surf.html](hm-surf.html) is an example HTML page that demontrates [CVE-2024-44133](https://nvd.nist.gov/vuln/detail/CVE-2024-44133).
All it does is access the camera and location, presenting the location (with low accuracy, on purpose) and downloads the camera screenshot (but it could just as easily save it on a server).
This file is *not* an exploit by itself, and requires Camera, Microphone and location access enabled for the browser, e.g. by a local attacker overriding the per-browser preferences.
That capability can be assessed with the evaluator.
To view the HTML page easily, you could use any tool, e.g. [htmlpreview](http://htmlpreview.github.io/?https://github.com/yo-yo-yo-jbo/hm-surf/blob/main/hm-surf.html).
## Coding
Coding an evaluator is quite easy - you inherit from `BrowserEvaluatorBase` and implement two methods:
- `get_browser_name` - retrieves a human-readable browser name.
- `evaluate` - gets the `username` and its `home_dir` and evaluates susceptibility. Returning `None` means browser is not susceptible, while returning a `BrowserResults` instance yields susceptible results.
Note there's also a `ChromiumEvaluatorBase` base class for Chromium-based browsers, which means you have to implement the usual `get_browser_name` and also a `get_preference_filepath` method that returns a preference file path for the given home directory. You do not have to implement `evaluate` for Chromium-based browsers, that's implemented by the base class.
文件快照
[4.0K] /data/pocs/1cae042dbf916d7417dd4d0b8112a9a66f1aea9f
├── [4.0K] core
│ ├── [2.1K] lib.py
│ ├── [7.2K] printing.py
│ ├── [ 562] singleton.py
│ ├── [2.5K] sqlite_aux.py
│ └── [5.3K] utils.py
├── [4.0K] evaluators
│ ├── [3.3K] apple_safari.py
│ ├── [ 594] brave.py
│ ├── [2.1K] chromium_base.py
│ ├── [ 603] google_chrome.py
│ ├── [ 608] microsoft_edge.py
│ ├── [2.7K] mozilla_firefox.py
│ ├── [ 591] opera.py
│ └── [ 577] vivaldi.py
├── [2.4K] hm-surf-eval.py
├── [2.8K] hm-surf.html
├── [2.1K] README.md
├── [ 16] requirements.txt
└── [511K] screenshot.png
2 directories, 18 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。