iOS 7.1.x Exploit Released (CVE-2014-4377)
Haven't upgraded to iOS 8 yet? Aside from a lot of new features, Apple also fixed a number of security vulnerabilities in iOS 8. For example CVE-2014-4377, a memory corrupion issue in iOS's core graphics library. An exploit is now available for this vulnerability.
NOTE: I have not verified yet that the exploit is working / genuine. We will not link at this point to the exploit code, but basic Google Fu should allow you to find it.
The author claims that the exploit is "compleatly reliable and portable on iOS 7.1.x". The exploit comes in the form of a malformed PDF, which would usually be delivered as an image inside an HTML page.
Keywords:
4 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
Diary Archives
Comments
Sounds like it's not functional out of the box.
Anonymous
Sep 22nd 2014
1 decade ago
Anonymous
Sep 22nd 2014
1 decade ago
Anonymous
Sep 23rd 2014
1 decade ago
Sounds like it's not functional out of the box.[/quote]
No, it needs CVE-2014-4378, which he also provides:
http://blog.binamuse.com/2014/09/coregraphics-information-disclosure.html
Anonymous
Sep 23rd 2014
1 decade ago