Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-41991 PoC — Apple watchOS 信任管理问题漏洞

Source
https://github.com/dmytrozykov/appsign
Associated Vulnerability
Title:Apple watchOS 信任管理问题漏洞 (CVE-2023-41991)
Description:A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description
iOS/macOS library that exploits CVE-2023-41991 for signing iOS applications.
File Snapshot

 [4.0K]  /data/pocs/508af38a85df094c285f15d89063087e70581c1e
├── [4.0K]  external
│   └── [4.0K]  ios
│       └── [ 38M]  libcrypto.a
├── [4.0K]  include
│   ├── [ 154]  codesign.h
│   └── [ 108]  ct_bypass.h
├── [2.7K]  Makefile
├── [   0]  README.md
├── [4.0K]  src
│   ├── [8.2K]  codesign.m
│   ├── [ 16K]  ct_bypass.c
│   ├── [ 205]  file.c
│   ├── [  59]  file.h
│   ├── [3.9K]  main.m
│   └── [4.0K]  templates
│       ├── [196K]  AppStoreCodeDirectory.h
│       ├── [ 18K]  CADetails.h
│       ├── [1.3K]  DERTemplate.h
│       └── [ 27K]  TemplateSignatureBlob.h
└── [4.0K]  third-party
    └── [4.0K]  ChOma

7 directories, 14 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →