Apple iOS 密码锁安全绕过漏洞
发布日期:2013-02-18
更新日期:2013-02-20
受影响系统:
Apple iOS 6.1 (10B143)
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 57990
Apple iOS是由苹果公司开发的手持设备操作系统。
Apple iOS 6.1 (10B143)及其他版本在处理屏幕截图功能、紧急呼叫和电源按钮多个混合事件时,其主登录模块中存在安全漏洞,本地攻击者可在出现黑屏时通过USB绕过密码锁。此漏洞可被没有特权iOS账户特权的本地攻击者无需互动即可利用。成功利用后可导致未授权设备访问和信息泄露。
<*来源:Benjamin Kunz Mejri
链接:http://seclists.org/fulldisclosure/2013/Feb/90
http://seclists.org/fulldisclosure/2013/Feb/98
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Proof of Concept:
=================
The local code lock bypass vulnerability to access the iphone or ipad can be exploited by local attackers without
required user interaction or
privileged iOS user account. For demonstration or reproduce ...
Manually steps to reproduce ... #2
0. Connect your device with itunes and the appstore to make sure the code lock is activated
1. Push the power button (top|right)
2. The mobile will be activated and the iOS code lock will be visible
3. Now, you click on the emergency call
4. Try to dail any random emergency call number from a public listing (we used 911, 110 and 112)
5. Call the number and cancel the call directly after the dail without a direct connection to the number
6. Push again the power button and push after it the iphone button (square) in the middle
7. In the next step you push the power button 3 secounds and in the third secound you push also with one finger the
square and with another the emergency call button
8. After pushing all 3 buttons you turn your finger of the square (middle) button and after it of the power button
9. The display of the iOS will be black (blackscreen)
10. Take our your usb plug and connect it with the iOS device in black screen mode
11. All files like photos, contacts and co. will be available directly from the device harddrive without the pin to
access. Successful reproduced!
Video: http://www.vulnerability-lab.com/get_content.php?id=874
Public Video: http://www.youtube.com/watch?v=DiHz_jkWjsE
0. http://i45.tinypic.com/2lrfgi.png
1. http://i48.tinypic.com/10odysn.png
2. http://i50.tinypic.com/6p181s.png
3. http://i50.tinypic.com/i4l6r9.png
4. http://i48.tinypic.com/102nqlu.png
5. http://i50.tinypic.com/2a9pqqf.png
6. http://i48.tinypic.com/acsv1c.png
7. http://i50.tinypic.com/2rcs6dz.png
8. http://i48.tinypic.com/etbs09.png
9. http://i50.tinypic.com/23vx5xf.png
10. http://i46.tinypic.com/261i1hd.png
11. http://i48.tinypic.com/acsv1c.jpg
12. http://i46.tinypic.com/2u7x4k7.png
13. http://i47.tinypic.com/k0fzmw.png
14. http://i50.tinypic.com/28mnuw1.png
15. http://i48.tinypic.com/241qd5z.png
16. http://i47.tinypic.com/spximw.png
17. http://i45.tinypic.com/27xil8w.png
18. http://i47.tinypic.com/3090fad.png
19. http://i46.tinypic.com/2vtv5h0.jpg
建议:
--------------------------------------------------------------------------------
厂商补丁:
Apple
-----
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://support.apple.com/