CVE-2023-42860 PoC — Apple macOS Monterey security vulnerability

Source
Associated Vulnerability
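Title: Apple macOS Monterey security vulnerability (CVE-2023-42860)
Description: Apple macOS Monterey is the 18th major release of macOS, the desktop operating system for Macintosh computers from Apple Inc. (United States). Apple macOS Monterey contains a security vulnerability that stems from an application possibly being able to modify protected parts of the file system.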
Description
Exploit for CVE-2023-42860
Readme
# CVE-2023-42860
Exploit for [CVE-2023-42860](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) (for research purposes only).

This exploit works for versions of macOS earlier than 13.3, even though [Apple's changelog](https://support.apple.com/en-us/HT213984) says it was fixed in version 14.1.

## Steps
1. [Download](https://mrmacintosh.com/macos-ventura-13-full-installer-database-download-directly-from-apple/) the InstallAssistant.pkg.
2. Modify the variable `TARGET_FILE` to a SIP-protected file (default target is the system TCC database).
3. Run the exploit as **root**:
```sh
$ ./exploit.sh PATH_TO_PKG
```
4. You should now see that the **restricted flag** from the file has been **removed** and be able to modify the SIP protected file directly. Alternatively, you could modify the SIP protected file through `/Applications/Install\ macOS\ Ventura.app/Contents/SharedSupport/SharedSupport.dmg`. The file has to be modified as the **root user**.
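
For defenders, the observable in step 4 is a SIP-protected file that no longer carries the `restricted` file flag. The following audit script is an added example, not part of this repository; the watch-list path for the system TCC database and the helper names are assumptions, and `stat_fn` is injectable so the logic can be exercised off macOS.

```python
import os
import sys

# SF_RESTRICTED as defined in macOS <sys/stat.h>; declared here because the
# stat module only exposes it on newer Python versions.
SF_RESTRICTED = 0x00080000

# Assumed watch list: the system TCC database (the README's default target).
DEFAULT_PATHS = ["/Library/Application Support/com.apple.TCC/TCC.db"]


def check_restricted(path, stat_fn=os.lstat):
    """Classify one path by whether its BSD file flags include 'restricted'."""
    try:
        st = stat_fn(path)
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "unreadable"
    flags = getattr(st, "st_flags", None)
    if flags is None:
        # Platform without BSD file flags, i.e. not macOS.
        return "unsupported"
    return "restricted" if flags & SF_RESTRICTED else "unrestricted"


def audit(paths, stat_fn=os.lstat):
    """Return {path: status} for every path on the watch list."""
    return {p: check_restricted(p, stat_fn) for p in paths}


def findings(report):
    """Paths that exist but have lost the restricted flag: the alert case."""
    return sorted(p for p, status in report.items() if status == "unrestricted")


if __name__ == "__main__":
    report = audit(sys.argv[1:] or DEFAULT_PATHS)
    for path, status in report.items():
        print(f"{status:12} {path}")
    # Non-zero exit lets a scheduled job or MDM check raise on a finding.
    sys.exit(1 if findings(report) else 0)
```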

## Reference
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts
File Snapshot

[4.0K] /data/pocs/73a7705676003f2daba77b3d3494dd5c3cdf65b4
├── [1.9K] exploit.c
├── [1.5K] exploit.sh
├── [1.0K] README.md
└── [ 158] resettcc.sh

0 directories, 4 files