This repository contains a Proof of Concept (PoC) exploit for the CVE-2023-41993 vulnerability.
This PoC demonstrates limited read/write primitives based on the PoC released by po6ix.
A demo of this PoC can be found here.
Please open an issue if you have any questions, suggestions, or concerns. :) <3
- iPhone 14 Pro Max (iOS 17.0 Beta 2)
```bash
# Clone this repository
git clone https://github.com/0x06060606/CVE-2023-41993.git

# Go into the repository directory
cd CVE-2023-41993

# Install dependencies
pip3 install -r requirements.txt

# Start the server
python3 server.py

# Open Safari and navigate to
# http://<your-ip>:8080
```
CVE-2023-41993 is a critical vulnerability rooted in the WebKit browser engine, affecting various Apple products. It allows for arbitrary code execution upon processing malicious web content. More details can be found in the advisory and WebKit's commit addressing the issue.
This PoC demonstrates arbitrary read/write primitives, advancing the exploitation of CVE-2023-41993. The core of the exploit manipulates JavaScriptCore's behavior to achieve controlled memory corruption, which is then escalated to arbitrary read and write primitives.
This PoC is intended for educational purposes only. This PoC is not intended to be used for malicious purposes. I am in no way responsible for any misuse of this PoC.
This PoC is licensed under the MIT License.