CVE-2023-28205 PoC — Apple Safari Resource Management Error Vulnerability

Source
Associated Vulnerability
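Title: Apple Safari Resource Management Error Vulnerability (CVE-2023-28205)
Description: Apple Safari is a web browser from Apple Inc. (USA), the default browser shipped with the Mac OS X and iOS operating systems. Apple Safari version 16.4.1 has a resource management error vulnerability, which stems from a use-after-free. An attacker can exploit this vulnerability to achieve arbitrary code execution through the processing of maliciously crafted web content.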
Description
PoC CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability
Readme
# CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability

This vulnerability can be exploited through maliciously crafted web content, allowing attackers to execute arbitrary code.

## Description

The code triggers a use-after-free (UAF) vulnerability by delaying the addition of `Map` and `Date` objects, which allows the garbage collector (GC) to free them. This can potentially lead to accessing freed objects, causing memory corruption or enabling exploits.

## References

- [WebKit Commit c9880de4a28b9a64a5e1d0513dc245d61a2e6ddb](https://github.com/WebKit/WebKit/commit/c9880de4a28b9a64a5e1d0513dc245d61a2e6ddb)
 
CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

Thanks to abc for the proof of concept example.
File Snapshot

[4.0K] /data/pocs/536a11e3f9252d7e2c227ad3ceeddfcb951ca37d
├── [ 524] index.html
├── [1.0K] LICENSE
├── [4.0K] module
│   ├── [5.9K] chain.mjs
│   ├── [ 773] constants.mjs
│   ├── [5.5K] int64.mjs
│   ├── [5.6K] mem.mjs
│   ├── [8.4K] memtools.mjs
│   ├── [1.1K] offset.mjs
│   ├── [2.9K] rw.mjs
│   └── [2.1K] utils.mjs
├── [1.7K] poc.js
├── [ 808] README.md
└── [ 223] server.py

1 directory, 13 files