Apple iOS 9.3.1密码绕过漏洞
version 9.3.1Proof of Concept (PoC):
=======================
The local passcode vulnerability can be exploited by local attackers
with low privileged device user account and without user interaction.
For security demonstration or to reproduce the vulnerability follow the
provided information and steps below to continue.
Manual steps to reproduce the vulnerability ...
1. Start the iPhone 6S or iPhone 6 Plus
2. Install for example the default yahoo, twitter or facebook
application of the appstore
3. Start the application to the runtime task
4. Set a new passcode via Settings
5. Lock the mobile via power (shutdown) button
6. Open siri by pushing two seconds the home button or use the "hello
siri" option
7. Ask siri to search via twitter, yahoo or facebook as slide preview
8. Surf through the feed since a @tag becomes visible or use the search
in the preview
9. Push the @tag button - intensive push (6S or Plus)
10. Now the basic context menu becomes visible with new options
11. Choose to add a new contact
12. Open yet the pictures for adding to profile
13. Now, the attacker got already successful access to the photo album
of the apple device without secure auth
14. Click to send a message and the mailbox will open without secure auth
14. Successful reproduce of the vulnerability 谢谢楼主的分享 如何利用啊?? 支持,看起来还是可以的 我是来水经验的…… 支持中国红客联盟(ihonker.org) 1. 打开 iPhone 6S 或者 iPhone 6 Plus
2. 从appstore安装 yahoo, twitter或者facebook
3. 运行软件
4. 在设置里设置密码
5. 按锁屏键锁屏
6. 按home键两秒或者是说"hello siri"来打开siri
7. 让siri搜索twitter, yahoo 或者 facebook
8. Surf through the feed since a @tag becomes visible or use the search
in the preview
9. Push the @tag button - intensive push (6S or Plus)
10. Now the basic context menu becomes visible with new options
11. 选择添加联系人
12. 打开相片添加到profile里
13. 现在可以看皂片了
14. 还能发短信,发邮件
14. 复现了漏洞 支持中国红客联盟(ihonker.org) 我是来水经验的……