Synacktiv-contrib / CVE-2018-4193

exploit for CVE-2018-4193

Not working on Mojave 10.14.3 Beta #1

Open timwr opened 5 years ago

timwr commented 5 years ago

Let me know if I'm doing something stupid:

$ sw_vers
ProductName:    Mac OS X
ProductVersion: 10.14.3
BuildVersion:   18D21c
$ ./exploit id
2018-12-22 12:20:37 [+] Resolving symbols...
2018-12-22 12:20:37 [+] Building our ROP chain...
2018-12-22 12:20:37 [!] set_rsi != 0 is false (l.212)
2018-12-22 12:20:37 [!] build_rop_spray(&rop_spray, argv[1]) == 0 is false (l.89)

Meanwhile I'll try to update to 10.14.4 (without updating to 10.14.5).

timwr commented 5 years ago

On closer inspection obviously it's not going to work without the correct gadgets. Let me see if I can look them up dynamically...

elvanderb commented 5 years ago

Well, as the vulnerability was fixed in macOS 10.13.5, it's not going to work anyway.
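Added example (not code from this repository): a Python check that parses `sw_vers` output like the one posted above and compares it against the 10.13.5 fix version cited in the thread, so a defender can tell whether a host is still in the affected range. It compares numeric tuples rather than strings, so a version such as 10.13.10 is not misordered before 10.13.5.

```python
import re

# Version in which the thread states CVE-2018-4193 was fixed.
FIXED_IN = (10, 13, 5)

# Constructed sample, matching the sw_vers output posted in the issue.
SAMPLE_SW_VERS = """ProductName:    Mac OS X
ProductVersion: 10.14.3
BuildVersion:   18D21c
"""


def parse_sw_vers(output: str) -> tuple:
    """Extract ProductVersion from `sw_vers` output as a tuple of ints."""
    m = re.search(r"^ProductVersion:\s*(\d+(?:\.\d+)*)", output, re.MULTILINE)
    if not m:
        raise ValueError("ProductVersion not found in sw_vers output")
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(version: tuple, width: int = 3) -> tuple:
    """Right-pad with zeros so (10, 13) compares as (10, 13, 0)."""
    return tuple(version) + (0,) * (width - len(version))


def is_patched(version: tuple) -> bool:
    """True if the version is at or after the release that shipped the fix."""
    return _pad(version) >= _pad(FIXED_IN)


if __name__ == "__main__":
    v = parse_sw_vers(SAMPLE_SW_VERS)
    print("macOS", ".".join(map(str, v)), "patched:", is_patched(v))
```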

timwr commented 5 years ago

I'm on 10.14.3. I suspect I need to join the beta program to get 10.14.4. FYI, I couldn't find the set_rsi ROP gadget in any dylib on 10.14.3.

timwr commented 5 years ago

If I have time I'll try to find a suitable ROP chain for 10.14.3.