CVE-2023-41993 PoC — Apple Safari Code Issue Vulnerability

Associated Vulnerability
Title: Apple Safari Code Issue Vulnerability (CVE-2023-41993)
Description: The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Description
CVE-2023-41993
Readme
# CVE-2023-41993 Exploit PoC

This repository contains a Proof of Concept (PoC) exploit for the CVE-2023-41993 vulnerability.

This PoC demonstrates limited read/write primitives based on the PoC released by [po6ix](https://github.com/po6ix/POC-for-CVE-2023-41993).

A demo of this PoC can be found [here](https://0x06060606.github.io/CVE-2023-41993/pwn.html).

Please open an issue if you have any questions, suggestions, or concerns. :) <3

## Tested Devices

* iPhone 14 Pro Max (iOS 17.0 Beta 2)

## Usage

```bash
# Clone this repository
git clone https://github.com/0x06060606/CVE-2023-41993.git
# Go into the repository directory
cd CVE-2023-41993
# Install dependencies
pip3 install -r requirements.txt
# Start the server
python3 server.py
# Open Safari and navigate to
# http://<your-ip>:8080
```

## Vulnerability Details

CVE-2023-41993 is a critical vulnerability rooted in the WebKit browser engine, affecting various Apple products. It allows for arbitrary code execution upon processing malicious web content. More details can be found in the [advisory](https://support.apple.com/en-us/HT213926) and [WebKit's commit](https://github.com/WebKit/WebKit/commit/08d5d17c766ffc7ca6a7c833c5720eb71b427784) addressing the issue.

## Exploit Overview

This PoC demonstrates arbitrary read/write primitives, advancing the exploitation of CVE-2023-41993. The core part of this exploit revolves around manipulating JavaScriptCore's behavior to achieve a controlled memory corruption, which can then be escalated to arbitrary read and write primitives.

## Acknowledgements

* [po6ix](https://github.com/po6ix/POC-for-CVE-2023-41993) for the original PoC
* [Apple](https://support.apple.com/en-us/HT213926) for vulnerability details
* [WebKit](https://github.com/WebKit/WebKit/commit/08d5d17c766ffc7ca6a7c833c5720eb71b427784) for addressing the vulnerability

## Disclaimer

This PoC is intended for educational purposes only. This PoC is not intended to be used for malicious purposes. I am in no way responsible for any misuse of this PoC.

## License

This PoC is licensed under the MIT License.