nomisec
WORKING POC
60 stars
by Pa55w0rd · poc
https://github.com/Pa55w0rd/check_icmp_dos
This repository contains a proof-of-concept exploit for CVE-2018-4407, a remote kernel heap overflow vulnerability in iOS and macOS. The exploit sends maliciously crafted IP packets with specific options to trigger a denial-of-service (DoS) condition on vulnerable devices.
Classification
Working Poc 95%
Target:
Apple iOS <= 11, macOS High Sierra <= 10.13.6, macOS Sierra <= 10.12.6, OS X El Capitan and earlier
No auth needed
Prerequisites:
Network access to the target device (same Wi-Fi network) · Scapy library installed
nomisec
WORKING POC
48 stars
by unixpickle · poc
https://github.com/unixpickle/cve-2018-4407
This PoC exploits CVE-2018-4407, a DoS vulnerability in macOS and iOS devices by sending maliciously crafted ICMP packets with invalid IP options. The exploit triggers a kernel panic due to improper handling of IP options in the XNU kernel.
Classification
Working Poc 95%
Target:
Apple macOS and iOS (pre-late 2018)
No auth needed
Prerequisites:
Network access to the target device · Knowledge of the target's IP address
nomisec
WORKING POC
34 stars
by r3dxpl0it · poc
https://github.com/r3dxpl0it/CVE-2018-4407
This repository contains a Python-based exploit for CVE-2018-4407, a heap buffer overflow vulnerability in the XNU kernel affecting iOS and macOS. The exploit sends malformed TCP packets to trigger a denial-of-service (DoS) condition on vulnerable systems.
Classification
Working Poc 90%
Target:
Apple XNU kernel (iOS and macOS)
No auth needed
Prerequisites:
Network access to target systems · Python environment with Scapy and Nmap libraries
nomisec
WORKING POC
25 stars
by farisv · poc
https://github.com/farisv/AppleDOS
This PoC exploits CVE-2018-4407, a heap overflow vulnerability in Apple's XNU kernel caused by malformed ICMP error messages. It sends crafted TCP packets with oversized options to trigger a denial-of-service (DoS) on vulnerable Apple devices.
Classification
Working Poc 100%
Target:
Apple iOS (≤11), macOS High Sierra (≤10.13.6), macOS Sierra (≤10.12.6), OS X El Capitan and earlier
No auth needed
Prerequisites:
Network access to target devices · Python 3 with Scapy · Root/administrative privileges for raw packet sending
nomisec
WORKING POC
14 stars
by zteeed · poc
https://github.com/zteeed/CVE-2018-4407-IOS
This PoC exploits a heap buffer overflow in the XNU kernel's ICMP packet handling (CVE-2018-4407) to trigger a kernel crash and reboot on iOS/macOS devices. It scans the local network and sends malformed ICMP packets to vulnerable hosts.
Classification
Working Poc 90%
Target:
Apple XNU kernel (iOS/macOS)
No auth needed
Prerequisites:
Root privileges · Network access to target devices
nomisec
WORKING POC
13 stars
by WyAtu · poc
https://github.com/WyAtu/CVE-2018-4407
This PoC exploits CVE-2018-4407, a kernel crash vulnerability in iOS/macOS, by sending malformed IP packets with crafted IPOption and TCP options to trigger a denial-of-service (DoS) condition. The script includes ping scanning and multi-threading for targeting multiple hosts.
Classification
Working Poc 95%
Target:
Apple iOS/macOS kernel (versions affected by CVE-2018-4407)
No auth needed
Prerequisites:
Network access to target device · Target device must be vulnerable to CVE-2018-4407
nomisec
WORKING POC
10 stars
by SamDecrock · poc
https://github.com/SamDecrock/node-cve-2018-4407
This PoC exploits CVE-2018-4407, a remote kernel heap overflow in Apple's XNU kernel, by sending malformed IP packets with crafted TCP options. It targets iOS and macOS devices, causing a denial-of-service (DoS) condition.
Classification
Working Poc 95%
Target:
Apple XNU kernel (iOS 11 and earlier, macOS)
No auth needed
Prerequisites:
Network access to the target device · Node.js environment with raw-socket and ip modules
nomisec
WORKING POC
6 stars
by pwnhacker0x18 · poc
https://github.com/pwnhacker0x18/iOS-Kernel-Crash
This PoC exploits a heap buffer overflow in the XNU kernel (CVE-2018-4407) by sending malformed IP packets with oversized options to trigger a kernel crash and device reboot. It targets iOS and macOS devices via network packets to ports 62078 and 2323.
Classification
Working Poc 95%
Target:
Apple XNU kernel (iOS 12 and macOS)
No auth needed
Prerequisites:
Network access to target device · Scapy library installed
nomisec
WORKING POC
5 stars
by anonymouz4 · poc
https://github.com/anonymouz4/Apple-Remote-Crash-Tool-CVE-2018-4407
This repository contains a Python-based tool that exploits CVE-2018-4407, a heap buffer overflow vulnerability in Apple devices. It sends a malicious ICMP packet to crash macOS High Sierra or iOS 11 devices on the same WiFi network.
Classification
Working Poc 90%
Target:
Apple iOS 11 and earlier, macOS High Sierra up to 10.13.6, macOS Sierra up to 10.12.6, OS X El Capitan and earlier
No auth needed
Prerequisites:
macOS with Python and Scapy installed · Target device on the same WiFi network
nomisec
WORKING POC
2 stars
by zeng9t · poc
https://github.com/zeng9t/CVE-2018-4407-iOS-exploit
This exploit targets CVE-2018-4407, a heap buffer overflow in the XNU kernel's networking code, affecting iOS and macOS. It crafts malicious TCP packets with oversized options to trigger a denial-of-service (DoS) condition.
Classification
Working Poc 90%
Target:
Apple XNU kernel (iOS 11.2.6, macOS High Sierra 10.13.6)
No auth needed
Prerequisites:
Network access to target devices · Scapy library installed · Root/sudo privileges for raw packet sending
nomisec
WORKING POC
1 star
by lucagiovagnoli · poc
https://github.com/lucagiovagnoli/CVE-2018-4407
This PoC exploits CVE-2018-4407, a buffer overflow in the XNU kernel's ICMP error handling, causing a DoS on iOS/macOS devices via malformed IP/TCP packets. The script uses Scapy to craft packets with specific header lengths and options to trigger the vulnerability.
Classification
Working Poc 95%
Target:
Apple XNU kernel (iOS/macOS)
No auth needed
Prerequisites:
Network access to target device · Scapy and Nmap installed
nomisec
WORKING POC
1 star
by s2339956 · poc
https://github.com/s2339956/check_icmp_dos-CVE-2018-4407-
This PoC exploits CVE-2018-4407, a DoS vulnerability in Apple's XNU kernel by sending malformed ICMP packets with oversized options, causing a crash in macOS and iOS devices. The script uses Scapy to craft and send these packets.
Classification
Working Poc 90%
Target:
Apple macOS (up to 10.13.6), iOS (up to 11.x)
No auth needed
Prerequisites:
Scapy library · Network access to target
github
WORKING POC
1 star
by vaishakhcv · perlpoc
https://github.com/vaishakhcv/CVE-exploits/tree/master/CVE-2018-4407
The repository contains a functional exploit script for CVE-2018-4407, which targets a buffer overflow vulnerability in the Apple macOS kernel. The script uses Scapy to send crafted IP packets with malformed options to trigger the vulnerability.
Classification
Working Poc 90%
Target:
Apple macOS kernel (versions prior to macOS High Sierra 10.13.4)
No auth needed
Prerequisites:
Scapy installed · sudo privileges · target IP address
nomisec
WORKING POC
by 5431 · poc
https://github.com/5431/CVE-2018-4407
This PoC exploits CVE-2018-4407, an ICMP-based DoS vulnerability in Apple's XNU kernel. It sends malformed ICMP packets with oversized IP options to trigger a denial-of-service condition on vulnerable systems.
Classification
Working Poc 90%
Target:
Apple XNU kernel (macOS and iOS)
No auth needed
Prerequisites:
Scapy library · Network access to target
nomisec
WORKING POC
by Fans0n-Fan · poc
https://github.com/Fans0n-Fan/CVE-2018-4407
This PoC exploits CVE-2018-4407, a kernel crash vulnerability in Apple's ICMP packet-handling code, by sending malformed ICMP packets with crafted IP and TCP options to trigger an out-of-bounds write, resulting in a DoS condition.
Classification
Working Poc 90%
Target:
Apple iOS 11.0, 11.2, 11.3.1
No auth needed
Prerequisites:
Network access to the target device · Scapy library installed
nomisec
WORKING POC
by szabo-tibor · poc
https://github.com/szabo-tibor/CVE-2018-4407
This PoC exploits CVE-2018-4407, a denial-of-service vulnerability in Apple's macOS and iOS, by sending a malformed IP packet with crafted options to trigger a kernel panic. The exploit uses Scapy to construct and send the packet to the target.
Classification
Working Poc 90%
Target:
Apple macOS (up to 10.13.3) and iOS (up to 11.2.5)
No auth needed
Prerequisites:
Network access to the target · Scapy library installed
gitlab
WORKING POC
by aiastia079 · poc
https://gitlab.com/aiastia079/check_icmp_dos
This repository contains a functional PoC for CVE-2018-4407, a remote kernel heap overflow in iOS/macOS. The exploit sends malformed ICMP packets with crafted IP and TCP options to trigger a DoS condition.
Classification
Working Poc 95%
Target:
Apple iOS (up to 12) and macOS (up to 10.13.6)
No auth needed
Prerequisites:
Same network access as the target · Scapy library installed
github
WORKING POC
by winterwolf32 · perlpoc
https://github.com/winterwolf32/CVE_Exploits-/tree/master/CVE-2018-4407
The repository contains a functional exploit script for CVE-2018-4407, which targets a denial-of-service (DoS) vulnerability in Apple's macOS and iOS. The script uses Scapy to send malformed IP packets with crafted options to trigger the vulnerability.
Classification
Working Poc 90%
Target:
Apple macOS and iOS (versions affected by CVE-2018-4407)
No auth needed
Prerequisites:
Scapy installed · sudo privileges · network access to target