WebKit-Bug-256172

WebKit-Bug-256172

This repository contains a proof of concept (PoC) for a Safari 1day Remote Code Execution (RCE) exploit. It is intended solely for educational purposes and should not be used for any malicious activities. The exploit has been confirmed to work on macOS 13.3.1 and iOS 15.8.2, but may be patched in later versions (iOS 16.5.1/macOS 13.4.1). Currently, it only works on macOS 13.0.1 (x86_64) due to hardcoded offsets.

Key Features

• Educational Purpose: Designed for learning and understanding security vulnerabilities.
• Confirmed Exploit: Works on specific versions of macOS and iOS.
• Community Contribution: Open for contributions and improvements from the community.

Benefits

• Understanding Security: Helps developers and security researchers understand RCE vulnerabilities in Safari.
• Research and Development: Useful for those studying exploit development and security research.

Highlights

• Languages Used: JavaScript, Python, HTML, C, and Makefile.
• Community Engagement: Encourages feedback and contributions from users.