
CVE-2023-42860 PoC — Apple macOS Monterey security vulnerability

Associated Vulnerability
Title: Apple macOS Monterey security vulnerability (CVE-2023-42860)
Description: A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to modify protected parts of the file system.

Description
Exploit for CVE-2023-42860

Readme
# CVE-2023-42860
Exploit for [CVE-2023-42860](https://nvd.nist.gov/vuln/detail/CVE-2023-42860) (for research purposes only).

This exploit works on macOS versions earlier than 13.3, even though [Apple's security note](https://support.apple.com/en-us/HT213984) lists the fix under macOS Sonoma 14.1 (the same fix shipped in macOS Ventura 13.6.1 and macOS Monterey 12.7.1).

## Steps
1. [Download](https://mrmacintosh.com/macos-ventura-13-full-installer-database-download-directly-from-apple/) the InstallAssistant.pkg.
2. Set the `TARGET_FILE` variable to the SIP-protected file you want to modify (the default target is the system TCC database).
3. Run the exploit as **root**, passing the path of the downloaded package:
```sh
$ ./exploit.sh PATH_TO_PKG
```
4. The **restricted** flag should now be **removed** from the target file, so the SIP-protected file can be modified directly. Alternatively, the SIP-protected file can be modified through `/Applications/Install\ macOS\ Ventura.app/Contents/SharedSupport/SharedSupport.dmg`. In either case the file has to be modified as the **root** user.
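To confirm that step 4 actually happened, a practitioner wants a before/after check of the target's SIP protection rather than just trying to write to it. The POSIX shell helper below is an added example and is not part of the PoC repository: it parses the flags column of `ls -lO` output (SIP-protected files carry the BSD `restricted` file flag; `ls -lO` prints `-` when no flags are set) and, on a live macOS system, also looks for the `com.apple.rootless` extended attribute. The function names, the `SYSTEM_TCC_DB` variable and the sample `ls -lO` lines are this example's own constructions; the path is the standard location of the system TCC database, assumed here to be what the PoC's default target refers to.

```sh
#!/bin/sh
# Added example, not code from the PoC repository.
# SIP-protected files on macOS carry the BSD "restricted" file flag, which
# `ls -lO` prints in the 5th column ("-" when no flags are set), and normally
# also the com.apple.rootless extended attribute. Both markers are checked.

# Assumed default target: the standard path of the system TCC database.
SYSTEM_TCC_DB="/Library/Application Support/com.apple.TCC/TCC.db"

# flags_field LINE: print the flags column of one `ls -lO` output line.
# The body is a subshell so `set -f` (no globbing while word-splitting) does not leak.
flags_field() (
    set -f
    set -- $1
    printf '%s\n' "$5"
)

# has_restricted_flag LINE: succeed when "restricted" is one of the
# comma-separated flags in the line (e.g. "restricted,compressed").
has_restricted_flag() {
    _flags=$(flags_field "$1")
    case ",$_flags," in
        *,restricted,*) return 0 ;;
        *)              return 1 ;;
    esac
}

# has_rootless_xattr PATH: succeed when the file lists the com.apple.rootless
# extended attribute. Only meaningful on macOS, where `xattr PATH` prints
# attribute names one per line.
has_rootless_xattr() {
    xattr "$1" 2>/dev/null | grep -qx 'com.apple.rootless'
}

# check_sip_protection PATH: print "protected" (exit 0) when either marker is
# present, "unprotected" (exit 1) when neither is, or "missing" (exit 2) when
# the path cannot be listed. `-d` lists a directory itself, not its contents.
check_sip_protection() {
    _line=$(ls -ldO "$1" 2>/dev/null) || { echo "missing"; return 2; }
    if has_restricted_flag "$_line" || has_rootless_xattr "$1"; then
        echo "protected"
        return 0
    fi
    echo "unprotected"
    return 1
}

# Usage (macOS, as root): sh sipcheck.sh "$SYSTEM_TCC_DB"
# Run it before and after exploit.sh; a change from "protected" to
# "unprotected" confirms the restricted flag was stripped from the target.
if [ $# -gt 0 ]; then
    check_sip_protection "$1"
fi
```

The flag check is deliberately separated from the live `ls`/`xattr` calls so the parsing can be exercised on captured output from another machine; on the macOS host itself, `check_sip_protection` is the one-call version of the check.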

## Reference
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts
File Snapshot

[4.0K] /data/pocs/73a7705676003f2daba77b3d3494dd5c3cdf65b4
├── [1.9K] exploit.c
├── [1.5K] exploit.sh
├── [1.0K] README.md
└── [ 158] resettcc.sh

0 directories, 4 files