{"id":21593256,"url":"https://github.com/farisv/appledos","last_synced_at":"2025-04-10T23:34:14.332Z","repository":{"id":108437800,"uuid":"155836421","full_name":"farisv/AppleDOS","owner":"farisv","description":"Messing Apple devices on the network with CVE-2018-4407 (heap overflow in bad packet handling)","archived":false,"fork":false,"pushed_at":"2018-12-04T08:21:43.000Z","size":2463,"stargazers_count":27,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-24T20:22:14.974Z","etag":null,"topics":["apple","dos-attack","exploit"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/farisv.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-11-02T08:29:29.000Z","updated_at":"2025-01-18T19:09:44.000Z","dependencies_parsed_at":"2023-06-01T02:30:16.986Z","dependency_job_id":null,"html_url":"https://github.com/farisv/AppleDOS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisv%2FAppleDOS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisv%2FAppleDOS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisv%2FAppleDOS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/farisv%2FAppleDOS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/farisv","download_url":"https://codeload.git
hub.com/farisv/AppleDOS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248317348,"owners_count":21083519,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apple","dos-attack","exploit"],"created_at":"2024-11-24T17:11:52.959Z","updated_at":"2025-04-10T23:34:14.324Z","avatar_url":"https://github.com/farisv.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AppleDOS (CVE-2018-4407)\n\nBased on CVE-2018-4407 (https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407), this [tweet](https://twitter.com/ihackbanme/status/1057811965945376768), and this [video](https://twitter.com/kevin_backhouse/status/1057352656560287746). The bug is a heap overflow vulnerability in bad-packet handling, triggered when the OS tries to send an ICMP message containing segments of the bad packet back to the sender.\n\n![](demo.gif)\n\nThis PoC crashes vulnerable Apple devices by sending a bad TCP packet containing long TCP/IP header options, which overflow the ICMP message when the device tries to send out the error message. You need the ability to send network packets directly to the device (e.g. on the same local network).\n\nThe following operating system versions and devices are vulnerable:\n- Apple iOS 11 and earlier: all devices\n- Apple macOS High Sierra, up to and including 10.13.6: all devices\n- Apple macOS Sierra, up to and including 10.12.6: all devices\n- Apple OS X El Capitan and earlier: all devices\n\n## WARNING\n\nFOR EDUCATIONAL PURPOSES ONLY. DO NOT USE THIS SCRIPT FOR ILLEGAL ACTIVITIES. 
THE AUTHOR IS NOT RESPONSIBLE FOR ANY MISUSE OR DAMAGE.\n\n## Example\n\nMake sure you have Python 3 and scapy.\n\n```\npip install scapy\n# or\npip3 install scapy\n```\n\nYou may need to run the script as root.\n\nSend the bad packet to the 192.168.1.0/24 subnet.\n\n```\nsudo ./appledos.py 192.168.1.0/24\n```\n\nShow each IP after the packet is sent.\n\n```\nsudo ./appledos.py --verbose 192.168.1.0/24\n```\n\nSend the bad packet to the 192.168.1.0/24 subnet continuously.\n\n```\nsudo ./appledos.py --continuous 192.168.1.0/24\n```\n\nChange the destination port (default: 80). You can use any port, since devices respond to an incoming packet on any port, but you may need to account for port blocking or a firewall on the host or network.\n\n```\nsudo ./appledos.py --continuous --port 22 192.168.1.0/24\n```\n\nSend the bad packet to only one IP.\n\n```\nsudo ./appledos.py 192.168.1.118\n```\n\nSet the maximum number of workers (default: 100).\n\n```\nsudo ./appledos.py --worker 10 192.168.1.0/24\n```\n\n## Note\n\nThis script uses scapy, which has a known issue handling `/dev/bpf` (Berkeley Packet Filter) when sending packets from an OS like macOS with multiple threads. If you encounter `No /dev/bpf handle is available`, try reducing the worker number to 1 or 2. Alternatively, use Linux, as in the demonstration video.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarisv%2Fappledos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffarisv%2Fappledos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffarisv%2Fappledos/lists"}