漏洞平台

POC详情： 348a6c7feafbe4730eeb3867e642e4ed260aa294

来源

https://github.com/Manouchehri/CVE-2016-1734

关联漏洞

标题： Apple iOS AppleUSBNetworking 任意代码执行漏洞 (CVE-2016-1734)
描述：Apple iOS 9.3之前版本和OS X 10.11.4之前版本的AppleUSBNetworking中存在安全漏洞。物理位置临近的攻击者可借助特制的USB设备利用该漏洞以提升的权限执行任意代码，或造成拒绝服务（内存损坏）。

介绍

The patch is not in `AppleUSBNetworking.kext` like the security advisory suggested (https://support.apple.com/en-ca/HT206166).

```
~/CVE-2016-1734 > md5sum ./10.11.1/AppleUSBNetworking.kext/Contents/MacOS/AppleUSBNetworking.c ./10.11.5/AppleUSBNetworking.kext/Contents/MacOS/AppleUSBNetworking.c
4d297d692f49f12621b0218364486ac0  ./10.11.1/AppleUSBNetworking.kext/Contents/MacOS/AppleUSBNetworking.c
4d297d692f49f12621b0218364486ac0  ./10.11.5/AppleUSBNetworking.kext/Contents/MacOS/AppleUSBNetworking.c
```

![BinDiff](https://github.com/Manouchehri/CVE-2016-1734/blob/master/2016-06-03-05:32:46-screenshot.png)

文件快照


 [4.0K]  /data/pocs/348a6c7feafbe4730eeb3867e642e4ed260aa294
├── [4.0K]  10.11.1
│   └── [4.0K]  AppleUSBNetworking.kext
│       └── [4.0K]  Contents
│           ├── [4.0K]  _CodeSignature
│           │   └── [2.1K]  CodeResources
│           ├── [1.7K]  Info.plist
│           ├── [4.0K]  MacOS
│           │   ├── [ 43K]  AppleUSBNetworking
│           │   ├── [ 84K]  AppleUSBNetworking.asm
│           │   └── [ 51K]  AppleUSBNetworking.c
│           └── [ 472]  version.plist
├── [4.0K]  10.11.2
│   └── [4.0K]  AppleUSBNetworking.kext
│       └── [4.0K]  Contents
│           ├── [4.0K]  _CodeSignature
│           │   └── [2.1K]  CodeResources
│           ├── [1.7K]  Info.plist
│           ├── [4.0K]  MacOS
│           │   ├── [ 43K]  AppleUSBNetworking
│           │   ├── [114K]  AppleUSBNetworking.asm
│           │   └── [ 51K]  AppleUSBNetworking.c
│           └── [ 471]  version.plist
├── [4.0K]  10.11.3
│   └── [4.0K]  AppleUSBNetworking.kext
│       └── [4.0K]  Contents
│           ├── [4.0K]  _CodeSignature
│           │   └── [2.1K]  CodeResources
│           ├── [1.7K]  Info.plist
│           ├── [4.0K]  MacOS
│           │   ├── [ 43K]  AppleUSBNetworking
│           │   ├── [114K]  AppleUSBNetworking.asm
│           │   └── [ 51K]  AppleUSBNetworking.c
│           └── [ 471]  version.plist
├── [4.0K]  10.11.4
│   └── [4.0K]  AppleUSBNetworking.kext
│       └── [4.0K]  Contents
│           ├── [4.0K]  _CodeSignature
│           │   └── [2.1K]  CodeResources
│           ├── [1.7K]  Info.plist
│           ├── [4.0K]  MacOS
│           │   ├── [ 43K]  AppleUSBNetworking
│           │   ├── [116K]  AppleUSBNetworking.asm
│           │   └── [ 51K]  AppleUSBNetworking.c
│           └── [ 471]  version.plist
├── [4.0K]  10.11.5
│   └── [4.0K]  AppleUSBNetworking.kext
│       └── [4.0K]  Contents
│           ├── [4.0K]  _CodeSignature
│           │   └── [2.1K]  CodeResources
│           ├── [1.7K]  Info.plist
│           ├── [4.0K]  MacOS
│           │   ├── [ 43K]  AppleUSBNetworking
│           │   ├── [116K]  AppleUSBNetworking.asm
│           │   └── [ 51K]  AppleUSBNetworking.c
│           └── [ 472]  version.plist
├── [ 67K]  2016-06-03-05:32:46-screenshot.png
└── [ 616]  README.md

25 directories, 32 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。