Exploit for CVE-2023-42860 (for research purposes only).
This exploit works on versions of macOS earlier than 13.3, even though Apple's changelog says the issue was fixed in version 14.1.
- Download the InstallAssistant.pkg
- Modify the variable TARGET_FILE to a SIP-protected file (the default target is the system TCC database).
- Compile the exploit:
  $ gcc exploit.c -o exploit -lpthread
- Run the exploit:
  $ ./exploit PATH_TO_PKG
- You should now be able to modify the SIP-protected file through /Applications/Install\ macOS\ Ventura.app/Contents/SharedSupport/SharedSupport.dmg as the root user.
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts