wh1te4ever/WebKit-Bug-256172

WebKit-Bug-256172

Safari 1-day RCE exploit; might be patched in iOS 16.5.1/macOS 13.4.1.
Confirmed to work on macOS 13.3.1 and iOS 15.8.2.

Description

Currently only works on macOS 13.0.1 (x86_64) due to hardcoded offsets.

  • Implemented addrof/fakeobj, r/w primitive
  • Patch SecurityOrigin->m_universalAccess to 1
  • Load stage1.bin by JIT Execution

Credit

  • ENKI WhiteHat for the original PoC with a detailed writeup
  • saelo's jscpwn module
  • ret2 for building stage1.bin shellcode

Disclaimer

This repository is intended solely for educational purposes and should not be used for any malicious activities.
I am in no way responsible for any misuse of this PoC.
