CVE-2017-2473

HIGH

iPhone OS < 10.3, macOS < 10.12.4, tvOS < 10.2, watchOS < 3.2 - Remote Code Execution or Denial of Service in Kernel

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2473. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit demonstrates a kernel memory corruption vulnerability in macOS/iOS via the SIOCSIFORDER ioctl. It leverages a type confusion bug where a 32-bit unsigned value is cast to a signed type for bounds checking, allowing out-of-bounds memory access.

Description

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · cdosmultiple

https://www.exploit-db.com/exploits/41792

View Code ZIP pw:eip

This exploit demonstrates a kernel memory corruption vulnerability in macOS/iOS via the SIOCSIFORDER ioctl. It leverages a type confusion bug where a 32-bit unsigned value is cast to a signed type for bounds checking, allowing out-of-bounds memory access.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Apple macOS/iOS kernel (tested on macOS 10.12.3)

No auth needed

Prerequisites: Access to a TCP socket · macOS/iOS kernel with vulnerable SIOCSIFORDER ioctl

MITRE ATT&CK