Skip to content

0x06060606/CVE-2023-41993

Repository files navigation

GitHub Pages

CVE-2023-41993 Exploit PoC

This repository contains a Proof of Concept (PoC) exploit for the CVE-2023-41993 vulnerability.

This PoC demonstrates limited read/write primitives based on the PoC released by po6ix.

Demo of this PoC can be found here.

Please make an issue if you have any questions, suggestions, or concerns. :) <3

Tested Devices

  • iPhone 14 Pro Max (iOS 17.0 Beta 2)

Usage

# Clone this repository
git clone https://github.com/0x06060606/CVE-2023-41993.git
# Go into the repository directory
cd CVE-2023-41993
# Install dependencies
pip3 install -r requirements.txt
# Start the server
python3 server.py
# Open Safari and navigate to
# http://<your-ip>:8080

Vulnerability Details

CVE-2023-41993 is a critical vulnerability rooted in the WebKit browser engine, affecting various Apple products. It allows for arbitrary code execution upon processing malicious web content. More details can be found in the advisory and WebKit's commit addressing the issue.

Exploit Overview

This PoC demonstrates arbitrary read/write primitives, advancing the exploitation of CVE-2023-41993. The core part of this exploit revolves around manipulating JavaScriptCore's behavior to achieve a controlled memory corruption, which can then be escalated to arbitrary read and write primitives.

Acknowledgements

  • po6ix for the original PoC
  • Apple for vulnerability details
  • WebKit for addressing the vulnerability

Disclaimer

This PoC is intended for educational purposes only. This PoC is not intended to be used for malicious purposes. I am in no way responsible for any misuse of this PoC.

License

This PoC is licensed under the MIT License.