Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Add exploit for CVE-2019-8513 (TimeMachine cmd injection) #11726
Initial commit of CVE-2019-8513. Ping @ChiChou
referenced this pull request
May 6, 2019
Been testing a few versions. 10.11.6 appeared vulnerable but not work:
10.13.3 worked great:
Mojave worked fine too.
Jun 29, 2019
This adds a module exploiting a command injection in TimeMachine on macOS <= 10.14.3 in order to run a payload as root. The tmdiagnose binary on OSX <= 10.14.3 suffers from a command injection vulnerability that can be exploited by creating a specially crafted disk label.