Versions (3)
Version DetailsCurrent
Rev: 3 • Apr 23, 2020, 12:00 PMET EXPLOIT Possible iOS MobileMail OOB Write/Heap Overflow Exploit Email (Inbound)
alert smtp $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible iOS MobileMail OOB Write/Heap Overflow Exploit Email (Inbound)"; flow:established,to_server; content:"AAAAAAAA"; content:"AAAAATEy"; content:"EA"; pcre:"/^(?:\\r\\n|\x0d\x0a)AABI/R"; content:"$|0e ce a0 d4 c7 cb 08|"; content:"T8hlGOo9"; content:"OKl2N"; pcre:"/^(?:\\r\\n|\x0d\x0a)C/R"; content:!"|0d 0a|/9j/4S"; reference:url,blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/; classtype:attempted-admin; sid:2030006; rev:3; metadata:attack_target Mobile_Client, created_at 2020_04_23, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2020_05_01;)
Apr 23, 2020, 12:00 PM
May 1, 2020, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules