Published: 22/05/2017 Updated: 25/10/2017

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

An issue exists in certain Apple products. macOS prior to 10.12.5 is affected. The issue involves the "DiskArbitration" component. A race condition allows malicious users to execute arbitrary code in a privileged context via a crafted app.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x

#!/bin/bash # Sources: # rawgithubusercontentcom/phoenhex/files/master/pocs/poc-mountsh # phoenhexre/2017-06-09/pwn2own-diskarbitrationd-privesc if ! security authorize systemvolumeinternalmount &>/dev/null; then echo 2>&1 "Cannot acquire systemvolumeinternalmount right This will not work" exit 1 fi ...

Exploit using following bugs to escape Safari sandbox: CVE-2017-2533: TOCTOU in diskarbitrationd CVE-2017-2535: PID reuse logic bug in authd CVE-2017-2534: Arbitrary dylib loading in speechsynthesisd CVE-2017-6977: NULL ptr dereference in nsurlstoraged How to use Get a vulnerable macOS 10124 system with a FAT32 partition called /dev/disk0s1 Back up the contents of /dev/dis

CWE-362 https://support.apple.com/HT207797 http://www.securitytracker.com/id/1038484 https://www.exploit-db.com/exploits/42146/https://phoenhex.re/2017-06-09/pwn2own-diskarbitrationd-privesc http://www.zerodayinitiative.com/advisories/ZDI-17-357/https://nvd.nist.gov https://github.com/maximehip/Safari-iOS10.3.2-macOS-10.12.4-exploit-Bugs https://www.exploit-db.com/exploits/42146/

CVE-2017-2533

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect