Safari 1day RCE Exploit, might be patched in iOS 16.5.1/macOS 13.4.1
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.
Currently only works on macOS 13.0.1 (x86_64) due to hardcoded offsets.
- Implemented addrof/fakeobj, r/w primitive
- Patch SecurityOrigin->m_universalAccess to 1
- Load stage1.bin by JIT Execution
- ENKI WhiteHat for original PoC with detail writeup
- saelo's jscpwn module
- ret2 for building stage1.bin shellcode
This repository is intended solely for educational purposes and should not be used for any malicious activities.