CVE-2022-22620 PoC — Apple多款产品资源管理错误漏洞

Source

https://github.com/springsec/CVE-2022-22620

Associated Vulnerability

Title:Apple多款产品资源管理错误漏洞 (CVE-2022-22620)
Description:Apple Safari等都是美国苹果（Apple）公司的产品。Apple Safari是一款Web浏览器，是Mac OS X和iOS操作系统附带的默认浏览器。Apple iPadOS是一套用于iPad平板电脑的操作系统。Apple macOS Monterey是用于麦金塔桌面操作系统macOS的第18个主要版本。 Apple多款产品存在资源管理错误漏洞，该漏洞源于在 WebKit 中处理 HTML 内容时出现 use-after-free 错误。远程攻击者可以诱骗受害者访问特制网页，触发 use-aft

Description

Webkit (Safari) - Exploit

Readme

# CVE-2022-22620 - "Zombie"
Use-after-free in Safari
Infoleak Exploit - leak an address of a JSObject


Tested on webkitgtk-2.34.3 (UBUNTU64) : https://webkitgtk.org/releases/webkitgtk-2.34.3.tar.xz

Original PoC by Google Project Zero: 
                                      https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-22620.html

File Snapshot


 [4.0K]  /data/pocs/469365cc6657c2a62bf92289bebcbfbbb444aa7e
├── [2.2K]  CVE-2022-22620_infoleak_exploit.html
├── [ 502]  README.md
└── [ 56K]  Screenshot.png

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!