CVE-2017-13876

HIGH

Apple <11.2, <10.13.2, <4.2, <11.2 - RCE/DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13876. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages an integer overflow in the `posix_spawn` syscall on 32-bit macOS/iOS systems, allowing an out-of-bounds write in kernel memory. The PoC demonstrates a heap overflow primitive by manipulating the `port_actions` structure, targeting Apple Watch Series 3 running WatchOS 4.0.1.

Description

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/43325

View Code ZIP pw:eip

This exploit leverages an integer overflow in the `posix_spawn` syscall on 32-bit macOS/iOS systems, allowing an out-of-bounds write in kernel memory. The PoC demonstrates a heap overflow primitive by manipulating the `port_actions` structure, targeting Apple Watch Series 3 running WatchOS 4.0.1.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Reliable

Target: macOS/iOS (32-bit) kernel, specifically WatchOS 4.0.1 on Apple Watch Series 3

No auth needed

Prerequisites: 32-bit macOS/iOS device (e.g., Apple Watch Series 3) · Ability to execute arbitrary code in userspace

MITRE ATT&CK