CVE-2017-13847

HIGH

iPhone OS < 11.2 and macOS < 10.13.2 - Memory Corruption in IOKit

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13847. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a use-after-free (UaF) vulnerability in IOTimeSyncClockManagerUserClient on macOS 10.13. It triggers a race condition by calling IOServiceClose in one thread while manipulating OSArrays in another, leading to kernel memory corruption.

Description

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/43326

View Code ZIP pw:eip

This exploit demonstrates a use-after-free (UaF) vulnerability in IOTimeSyncClockManagerUserClient on macOS 10.13. It triggers a race condition by calling IOServiceClose in one thread while manipulating OSArrays in another, leading to kernel memory corruption.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Racy

Target: Apple macOS 10.13 (17A365) with IOTimeSyncClockManager

No auth needed

Prerequisites: macOS 10.13 (17A365) · Access to IOTimeSyncClockManager IOService

MITRE ATT&CK