CNNVD-202506-3306 Information

CNNVD ID

CNNVD-202506-3306

CVE-2025-52573

  • CNNVD Published: 2025-06-26

Description

iOS Simulator MCP Server is an MCP server for interacting with iOS simulators, developed by individual developer Joshua Yoes. Versions of iOS Simulator MCP Server prior to 1.3.3 contain an operating system command injection vulnerability, which stems from command injection flaws in the definition and implementation of some of the MCP Server's tools.

Hazard Level

High

Vulnerability Type

Operating system command injection

Affected Vendor

Live Support

Published

2025-06-26

Last Modified

2026-02-24

References

  • https://github.com/joshuayoes/ios-simulator-mcp/blob/main/src/index.ts#L166-L207
  • https://github.com/joshuayoes/ios-simulator-mcp/commit/eb53a4f2cc8bbeb13e8d6d930f00167befcdb809
  • https://github.com/joshuayoes/ios-simulator-mcp/releases/tag/v1.3.3
  • https://github.com/joshuayoes/ios-simulator-mcp/security/advisories/GHSA-6f6r-m9pv-67jw

Patch

https://github.com/joshuayoes/ios-simulator-mcp/releases
