CVE-2017-7115

HIGH

iPhone OS < 10.3.3 and tvOS < 10.2.2 - Remote Code Execution or Denial of Service via Wi-Fi Race Condition

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7115. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a Wi-Fi vulnerability (CVE-2017-7115) to achieve arbitrary read/write access to physical memory on iOS devices. It uses a modified hostapd to inject crafted 802.11k frames and executes shellcode to gain control over the target device.

Description

An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textremoteios

https://www.exploit-db.com/exploits/42996

View Code ZIP pw:eip

This exploit leverages a Wi-Fi vulnerability (CVE-2017-7115) to achieve arbitrary read/write access to physical memory on iOS devices. It uses a modified hostapd to inject crafted 802.11k frames and executes shellcode to gain control over the target device.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: iOS 10.2 (14C92) on iPhone 7

No auth needed

Prerequisites: SoftMAC Wi-Fi dongle (e.g., TL-WN722N) · Modified hostapd with 802.11k support · Target device connected to malicious Wi-Fi network

MITRE ATT&CK