CVE-2024-0258
HIGHiPadOS < 17.4 - Arbitrary Code Execution via Improper Access Control
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2024-0258. PoCs published by aliyabuz25.
AI-analyzed exploit summary This repository provides a technical analysis and documentation of CVE-2024-0258, an Apple libxpc vulnerability involving Mach IPC port handling. The included code demonstrates a complex Mach message structure but does not implement a full exploit or privilege escalation.
Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
Exploits (2)
This repository provides a technical analysis and documentation of CVE-2024-0258, an Apple libxpc vulnerability involving Mach IPC port handling. The included code demonstrates a complex Mach message structure but does not implement a full exploit or privilege escalation.
The repository contains a functional Mach IPC exploit PoC for CVE-2024-0258, demonstrating port manipulation and message sending to a target service. The code includes detailed Mach message handling and port descriptor operations, indicative of a privilege escalation or IPC-based vulnerability.
References (15)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H