
CVE-2023-32413 PoC — Apple macOS Ventura Race Condition Vulnerability

Source
Associated Vulnerability
Title: Apple macOS Ventura Race Condition Vulnerability (CVE-2023-32413)
Description: A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.
Description
Exploit code for CVE-2023-42914 / Pwn2Own Vancouver 2023
Readme
# macOS LPE (CVE-2023-32413 / ZDI-23-845 / Pwn2Own Vancouver 2023) exploit

This is the exploit code that was demonstrated at Pwn2Own Vancouver 2023 (https://youtu.be/c0cS4R0ja-I?t=180).

This code exploits [CVE-2023-32413](https://nvd.nist.gov/vuln/detail/CVE-2023-32413) to gain root privileges on any vulnerable macOS. The vulnerability is a logic TOCTOU (time-of-check to time-of-use) race that can be used to overwrite any file the current user is able to read. The exploit is fast, 100% reliable, gives a root shell AND displays an animated ASCII art (🥷🔪🍎).

The vulnerability was patched in May 2023, but the associated (partial) SIP bypass was still present at that time ([CVE-2023-42914](https://nvd.nist.gov/vuln/detail/CVE-2023-42914)); this second bug was fixed in December 2023.

More details can be found in the "Finding and Exploiting an Old XNU Logic Bug" presentation given at Hexacon 2023: slides at https://www.synacktiv.ninja/sites/default/files/2024-11/finding_and_exploiting_an_old_xnu_logic_bug.pdf / video at https://www.youtube.com/watch?v=J2QR58JAO7Q
File Snapshot

[4.0K] /data/pocs/e62067a032a9f29c7f6bb8e4f8763ba84d5e17d4
├── [ 15K] exploit.c
└── [1001] README.md

0 directories, 2 files