CVE-2023-42931 PoC — Apple macOS Sonoma Security Vulnerability

Source
Associated Vulnerability
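Title: Apple macOS Sonoma Security Vulnerability (CVE-2023-42931)
Description: Apple macOS Sonoma is a desktop operating system from Apple Inc. (USA). Apple macOS Sonoma version 14.2 contains a security vulnerability that stems from a process possibly gaining administrator privileges without proper authentication.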
Description
The exploit targets a critical privilege escalation vulnerability in macOS versions Monterey, Ventura, and Sonoma.
Readme
<div align="center">


 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**
</div>
  
# macOS Privilege Escalation Exploit :computer:

I wrote this PoC based on this article: https://www.alter-solutions.fr/blog/local-privilege-escalating-my-way-to-root-throught-apple-macos-filesystems

This repository contains an exploit script targeting a critical privilege escalation vulnerability (CVE-2023-42931) affecting macOS versions Monterey, Ventura, and Sonoma. 🚨

## Vulnerability Description :warning:

The vulnerability allows unprivileged users to gain full root control over the system by exploiting the "diskutil" command line utility. This poses a significant security risk to affected macOS systems. :lock:

## Exploit Overview :rocket:

The exploit script leverages the "diskutil" command to mount filesystems with specific options, enabling the attacker to escalate their privileges. It involves creating a setuid shell payload, modifying filesystem permissions, copying the payload to a placeholder file, setting permissions and setuid bit, and executing the payload to gain root access. :boom:
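
A defensive check for the two conditions this overview depends on, a volume mounted so that setuid bits are honoured and a setuid file owned by root on it, written as an added example that is not part of this repository or the referenced article. It assumes user-mounted volumes appear under `/Volumes/`; the sample `mount` output is constructed, and the function names are illustrative.

```python
import os
import re
import stat

# Constructed sample of macOS `mount` output (not captured from a real host).
SAMPLE_MOUNT_OUTPUT = """\
/dev/disk3s1s1 on / (apfs, sealed, local, read-only, journaled)
/dev/disk3s5 on /System/Volumes/Data (apfs, local, journaled, nobrowse, protect)
map auto_home on /System/Volumes/Data/home (autofs, automounted, nobrowse)
/dev/disk5s1 on /Volumes/Backup (apfs, local, nodev, nosuid, journaled, noowners)
/dev/disk6s1 on /Volumes/Scratch (apfs, local, nodev, journaled)
"""

# "<device> on <mount point> (<comma-separated options>)"; device may contain spaces.
MOUNT_RE = re.compile(r"^(?P<dev>.+?) on (?P<path>.+) \((?P<opts>[^()]*)\)$")


def parse_mounts(mount_output):
    """Return (device, mount_point, options) tuples parsed from `mount` output."""
    mounts = []
    for line in mount_output.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            opts = {o.strip() for o in m["opts"].split(",") if o.strip()}
            mounts.append((m["dev"], m["path"], opts))
    return mounts


def suid_honouring_mounts(mount_output, prefix="/Volumes/"):
    """Mount points under `prefix` that lack `nosuid`, so setuid bits take effect."""
    return [path for _dev, path, opts in parse_mounts(mount_output)
            if path.startswith(prefix) and "nosuid" not in opts]


def setuid_files(root, owner_uid=0):
    """Regular files under `root` with the setuid bit set and owned by `owner_uid`."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                st = os.lstat(full)
            except OSError:
                continue  # unreadable or vanished entry
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID
                    and st.st_uid == owner_uid):
                hits.append(full)
    return sorted(hits)
```

On a live host, pass the output of `mount` to `suid_honouring_mounts` and run `setuid_files` on each mount point it returns; any hit owned by root on a user-mounted volume warrants investigation.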

## Usage :hammer_and_wrench:

1. Clone the repository.
2. Execute the exploit script.
3. Follow the on-screen instructions.

## Disclaimer :warning:

This exploit script is provided for educational purposes only. Use it at your own risk. The author takes no responsibility for any misuse or damage caused by this script. :warning:

## Credits :clap:

Special thanks to Yann Gascuel (Alter Solutions) for identifying and detailing the vulnerability. :pray:

## License :page_with_curl:

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details. :memo:
File Snapshot

[4.0K] /data/pocs/6c2d5473d26db7e15b0eb9d25d0fd86cae93598f
├── [1.8K] PoC.py
└── [1.9K] README.md

0 directories, 2 files