Python
Permalink
Failed to load latest commit information.
cgi-bin Initial import Sep 18, 2014
tools How To port the shellcode and ROP chain to test other iDevice/firmwar… Sep 26, 2014
LICENSE Initial commit Sep 17, 2014
PORTING
README.md
index.html New 6.1.2 target by @SwissHttp Oct 15, 2014
miniPDF.py Initial import Sep 18, 2014
mkLeakCode.py
mkLeakData.py Initial import Sep 18, 2014
run.py Initial import Sep 18, 2014

README.md

CoreGraphics Information Disclosure - CVE-2014-4378

This article explores the exploitability of MobileSafari on IOS 7.1.x. Using a crafted PDF file as an HTML image makes it possible to leak information about the memory layout to the browser Javascript interpreter. Apple CoreGraphics library fails to validate input when parsing the colorspace specification of an inline image embedded in a PDF content stream. he issue results in an information leak vulnerability that improves the adversary capability of exploit other vulnerabilities in any application linked with this library. This is also proved useful to bypass a several exploit mitigations such as ASLR, DEP and CodeSigning.

Sumary: