This Metasploit module exploits a JIT optimization bug in Safari WebKit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel read/write access, obtains root, and disables code signing. Finally, we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
8ca4b125e9aba514f4d2bd3c12b5189f4dceafcaab577262cc602a11c87480fb
Multiple memory safety issues exist in Mac OS X and iOS inside of mach_ports_register.
164ada40109fdf8bff76ff09d76b270061f06289e2e74b857944849bdf5cb42e
Apple Security Advisory 2016-10-24-5 - watchOS 3.1 is now available and addresses code execution, information disclosure, and various other vulnerabilities.
03010c4d89859734e65a52fb3f0f18be0e1933849a9dae3b4f8573ecd3767e7a
Apple Security Advisory 2016-10-24-4 - tvOS 10.0.1 is now available and addresses phishing, information disclosure, code execution, and other vulnerabilities.
8cf97ea4c246c77b3989cfb6cd8004c5f151ea63b3538383ecb66851efa37dd5
Apple Security Advisory 2016-10-24-2 - macOS Sierra 10.12.1 is now available and addresses code execution, privilege escalation, and various other vulnerabilities.
329e7fab2964a6ead2b00b8b8ef210ce7b2d6f242311f20577681b8c43bcaa08
Apple Security Advisory 2016-10-24-1 - iOS 10.1 is now available and addresses information leaks, code execution, and various other vulnerabilities.
9f0a6f969f80f483dca826b35be26d9f6b2ebae0d4a46bd852a8c2beb5e25529