HackDig : Dig high-quality web security articles for hacker

NDAY-2017-0101: iCloud Information Leak

2017-05-25 16:50

  • zNID: NDAY-2017-0101
  • CVE: Unknown
  • Type: Information Disclosure
  • Platform: iOS < 10.3
  • Device type: iPhone, iPod
  • iOS bulletinhttps://support.apple.com/en-us/HT207617
  • Public release date: 25th of May, 2017
    Credit: Anonymous

Download Exploit (password zimperium_ndays)

Vulnerability Details

An XPC service com.apple.coreservices.appleid.authentication can be accessed by any application on iOS because of lack of sandbox checks. This can be exploited by sending a message containing a “command” key, and setting the value to either 0x130, 0x500 or 0x510, information about the user’s iCloud will be shown such as phone number, name, serial number of device, and all emails associated with the iCloud account.

Exploitation


Source: /kael-noitamrofni-duolci-1010-7102-yadn/moc.muirepmiz.golb

“NDAY-2017-0101: iCloud Information Leak”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud