POC详情: a5a2d83bebb3e64239525a11da0b9324c1737952

来源
https://github.com/bazad/flow_divert-heap-overflow
关联漏洞
标题: Apple iOS、watchOS、OS X El Capitan和tvOS kernel 缓冲区溢出漏洞 (CVE-2016-1827)
描述:Apple iOS、watchOS、OS X El Capitan和tvOS都是美国苹果(Apple)公司的产品。Apple iOS是为移动设备所开发的一套操作系统;watchOS是一套智能手表操作系统;OS X El Capitan是为Mac计算机所开发的一套专用操作系统;tvOS是一套智能电视操作系统。Kernel是其中的一个内核组件。 Apple iOS 9.3.2之前版本、watchOS 2.2.1之前版本、OS X El Capitan 10.11.5之前版本和tvOS 9.2.1之前版本的ke
描述
Proof-of-concept exploit for CVE-2016-1827 on OS X Yosemite.
介绍
## flow_divert-heap-overflow

<!-- Brandon Azad -->

flow_divert-heap-overflow is a proof-of-concept exploit for [CVE-2016-1827], which was patched in
OS X El Capitan [10.11.5] and iOS [9.3.2].

[CVE-2016-1827]: https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1827
[10.11.5]: https://support.apple.com/en-us/HT206567
[9.3.2]: https://support.apple.com/en-us/HT206568

The vulnerability is a series of unchecked arithmetic operations on an untrusted length supplied
from user space in the function flow_divert_handle_app_map_create. Exploitation requires root
privileges.

This proof-of-concept triggers a kernel panic OS X Yosemite 10.10.5. In El Capitan the length
fields were changed from 64 bits to 32 bits, so the message structure will need to be updated
accordingly. This exploit has not been tested on iOS.

### License

The flow_divert-heap-overflow code is released into the public domain. As a courtesy I ask that if
you reference or use any of this code you attribute it to me.
文件快照

 [4.0K]  /data/pocs/a5a2d83bebb3e64239525a11da0b9324c1737952
├── [1.8K]  flow_divert-heap-overflow.c
├── [ 168]  Makefile
└── [ 997]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。