漏洞描述
Apple iOS等都是美国苹果(Apple)公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。Core Data是其中的一个用于管理应用程序中模型层对象的框架。 Apple iOS 12.4之前版本、tvOS 12.4之前版本和watchOS 5.3之前版本中的Core Data组件存在资源管理错误漏洞。远程攻击者可利用该漏洞执行任意代码。
iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References
PoC代码
暂无相关漏洞推荐
- POC 博硕BGM InvokeWithOutParam SQL注入漏洞
- fastjson-rce-all: Fastjson Deserialization RCE
- POC CVE-2017-1000353: Jenkins CLI - Java Deserialization
- POC CVE-2024-55556: InvoiceShelf <= 1.3.0 - PHP Deserialization
- POC CVE-2015-7450: IBM WebSphere Java Object Deserialization - Remote Code Execution
- POC CVE-2016-9299: Jenkins CLI - HTTP Java Deserialization
- POC CVE-2017-18349: Fastjson Insecure Deserialization - Remote Code Execution
- POC CVE-2017-9822: DotNetNuke 5.0.0 - 9.3.0 - Cookie Deserialization Remote Code Execution
- POC CVE-2018-19276: OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
- POC CVE-2019-0192: Apache Solr - Deserialization of Untrusted Data
- POC CVE-2019-10068: Kentico CMS Insecure Deserialization Remote Code Execution
- POC CVE-2019-17564: Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization
- POC CVE-2020-10189: ManageEngine Desktop Central Java Deserialization