15 lines
667 B
Plaintext
15 lines
667 B
Plaintext
|
|
rule Exploit_iPhoneOS_CVE-2020-3837_A_MTB{
|
|
meta:
|
|
description = "Exploit:iPhoneOS/CVE-2020-3837.A!MTB,SIGNATURE_TYPE_MACHOHSTR_EXT,04 00 04 00 05 00 00 "
|
|
|
|
strings :
|
|
$a_00_0 = {6f 6f 62 5f 74 69 6d 65 73 74 61 6d 70 } //1 oob_timestamp
|
|
$a_00_1 = {49 4f 41 63 63 65 6c 43 6f 6d 6d 61 6e 64 51 75 65 75 65 32 } //1 IOAccelCommandQueue2
|
|
$a_00_2 = {74 66 70 30 3a 20 30 78 25 78 } //1 tfp0: 0x%x
|
|
$a_00_3 = {3a 2f 2f 64 65 73 74 79 79 2e 63 6f 6d 2f 77 42 30 4e 79 4a } //1 ://destyy.com/wB0NyJ
|
|
$a_00_4 = {61 64 42 61 73 65 55 52 4c } //1 adBaseURL
|
|
condition:
|
|
((#a_00_0 & 1)*1+(#a_00_1 & 1)*1+(#a_00_2 & 1)*1+(#a_00_3 & 1)*1+(#a_00_4 & 1)*1) >=4
|
|
|
|
} |