
CVE-2023-41993 PoC — Apple Safari code issue vulnerability

Source
Associated Vulnerability
Title: Apple Safari code issue vulnerability (CVE-2023-41993)
Description: Apple Safari is a web browser from Apple Inc. (United States) and is the default browser bundled with Mac OS X and iOS. Safari versions before 16.6.1 contain a code issue vulnerability: processing web content may lead to arbitrary code execution.
Description
CVE-2023-41993
Readme
[![GitHub Pages](https://github.com/0x06060606/CVE-2023-41993/actions/workflows/static.yml/badge.svg?branch=main)](https://github.com/0x06060606/CVE-2023-41993/actions/workflows/static.yml)
# CVE-2023-41993 Exploit PoC

This repository contains a Proof of Concept (PoC) exploit for the CVE-2023-41993 vulnerability.

This PoC demonstrates limited read/write primitives based on the PoC released by [po6ix](https://github.com/po6ix/POC-for-CVE-2023-41993).

Demo of this PoC can be found [here](https://0x06060606.github.io/CVE-2023-41993/pwn.html).

Please make an issue if you have any questions, suggestions, or concerns. :) <3

## Tested Devices

* iPhone 14 Pro Max (iOS 17.0 Beta 2)

## Usage

```bash
# Clone this repository
git clone https://github.com/0x06060606/CVE-2023-41993.git
# Go into the repository directory
cd CVE-2023-41993
# Install dependencies
pip3 install -r requirements.txt
# Start the server
python3 server.py
# Open Safari and navigate to
# http://<your-ip>:8080
```

## Vulnerability Details

CVE-2023-41993 is a critical vulnerability rooted in the WebKit browser engine, affecting various Apple products. It allows for arbitrary code execution upon processing malicious web content. More details can be found in the [advisory](https://support.apple.com/en-us/HT213926) and [WebKit's commit](https://github.com/WebKit/WebKit/commit/08d5d17c766ffc7ca6a7c833c5720eb71b427784) addressing the issue.

## Exploit Overview

This PoC demonstrates arbitrary read/write primitives, advancing the exploitation of CVE-2023-41993. The core part of this exploit revolves around manipulating JavaScriptCore's behavior to achieve a controlled memory corruption, which can then be escalated to arbitrary read and write primitives.

## Acknowledgements

* [po6ix](https://github.com/po6ix/POC-for-CVE-2023-41993) for the original PoC
* [Apple](https://support.apple.com/en-us/HT213926) for vulnerability details
* [WebKit](https://github.com/WebKit/WebKit/commit/08d5d17c766ffc7ca6a7c833c5720eb71b427784) for addressing the vulnerability

## Disclaimer

This PoC is intended for educational purposes only. This PoC is not intended to be used for malicious purposes. I am in no way responsible for any misuse of this PoC.

## License

This PoC is licensed under the MIT License.
File Snapshot

```text
[4.0K] /data/pocs/908a0e8f90f9902858589ff99577e3f63224d3a1
├── [4.0K] Bin
│   ├── [437K] ideviceactivation.exe
│   ├── [579K] idevicebackup2.exe
│   ├── [362K] idevicebackup.exe
│   ├── [289K] idevicebtlogger.exe
│   ├── [298K] idevicecrashreport.exe
│   ├── [281K] idevicedate.exe
│   ├── [301K] idevicedebug.exe
│   ├── [288K] idevicedebugserverproxy.exe
│   ├── [294K] idevicedevmodectl.exe
│   ├── [287K] idevicediagnostics.exe
│   ├── [273K] ideviceenterrecovery.exe
│   ├── [275K] idevice_id.exe
│   ├── [448K] ideviceimagemounter.exe
│   ├── [279K] ideviceinfo.exe
│   ├── [379K] ideviceinstaller.exe
│   ├── [274K] idevicename.exe
│   ├── [282K] idevicenotificationproxy.exe
│   ├── [366K] idevicepair.exe
│   ├── [460K] ideviceprovision.exe
│   ├── [1.2M] idevicerestore.exe
│   ├── [285K] idevicescreenshot.exe
│   ├── [276K] idevicesetlocation.exe
│   ├── [304K] idevicesyslog.exe
│   ├── [281K] inetcat.exe
│   ├── [290K] iproxy.exe
│   ├── [300K] irecovery.exe
│   ├── [140K] libbrotlicommon.dll
│   ├── [ 51K] libbrotlidec.dll
│   ├── [632K] libbrotlienc.dll
│   ├── [ 97K] libbz2-1.dll
│   ├── [4.7M] libcrypto-3-x64.dll
│   ├── [736K] libcurl-4.dll
│   ├── [1.1M] libiconv-2.dll
│   ├── [309K] libideviceactivation-1.0.dll
│   ├── [235K] libidn2-0.dll
│   ├── [1.6M] libimobiledevice-1.0.dll
│   ├── [372K] libimobiledevice-glue-1.0.dll
│   ├── [145K] libintl-8.dll
│   ├── [479K] libirecovery-1.0.dll
│   ├── [179K] liblzma-5.dll
│   ├── [208K] libnghttp2-14.dll
│   ├── [771K] libplist++-2.0.dll
│   ├── [862K] libplist-2.0.dll
│   ├── [103K] libpsl-5.dll
│   ├── [546K] libreadline8.dll
│   ├── [514K] libssh2-1.dll
│   ├── [639K] libssl-3-x64.dll
│   ├── [ 44K] libtermcap-0.dll
│   ├── [1.9M] libunistring-5.dll
│   ├── [309K] libusbmuxd-2.0.dll
│   ├── [1.2M] libxml2-2.dll
│   ├── [144K] libzip.dll
│   ├── [1.1M] libzstd.dll
│   ├── [268K] plistutil.exe
│   └── [117K] zlib1.dll
├── [5.1K] CODE_OF_CONDUCT.md
├── [4.3K] helper.js
├── [7.1K] int64.js
├── [1.0K] LICENSE
├── [ 13K] pwn.html
├── [2.2K] README.md
├── [  49] requirements.txt
├── [3.1K] server.py
└── [2.1K] util.js

1 directory, 64 files
```