CVE-2023-41993

CVE-2023-41993 Exploit PoC

This repository contains a Proof of Concept (PoC) exploit for the CVE-2023-41993 vulnerability.

This PoC demonstrates limited read/write primitives based on the PoC released by po6ix.

A demo of this PoC can be found here.

Please open an issue if you have any questions, suggestions, or concerns. :) <3

Tested Devices

Usage

# Clone this repository
git clone https://github.com/0x06060606/CVE-2023-41993.git
# Go into the repository directory
cd CVE-2023-41993
# Install dependencies
pip3 install -r requirements.txt
# Start the server
python3 server.py
# Open Safari and navigate to
# http://<your-ip>:8080

Vulnerability Details

CVE-2023-41993 is a critical vulnerability rooted in the WebKit browser engine, affecting various Apple products. It allows for arbitrary code execution upon processing malicious web content. More details can be found in the advisory and WebKit’s commit addressing the issue.

Exploit Overview

This PoC demonstrates arbitrary read/write primitives, advancing the exploitation of CVE-2023-41993. The core of the exploit manipulates JavaScriptCore’s behavior to achieve controlled memory corruption, which can then be escalated to arbitrary read and write primitives.

Acknowledgements

Disclaimer

This PoC is intended for educational purposes only. This PoC is not intended to be used for malicious purposes. I am in no way responsible for any misuse of this PoC.

License

This PoC is licensed under the MIT License.