CVE-2017-2472
HIGH
iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Use-After-Free in Kernel
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-2472. PoCs published by Google Security Research.
AI-analyzed exploit summary: This exploit triggers a use-after-free (UAF) vulnerability in the macOS/iOS kernel by manipulating posix_spawn with an invalid audit session port, causing a double-release of the port reference. The PoC demonstrates the flaw by allocating a Mach port and using posix_spawnattr_setauditsessionport_np to trigger the vulnerability.
Description
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
Scores
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H