Exploit for CVE-2023-42860 (for research purposes only).
This exploit works for versions of macOS earlier to 13.3, even though Apple´s changelog says it was fixed in version 14.1.
- Download the InstallAssistant.pkg
- Modify the variable
TARGET_FILEto a SIP protected file (default target is the system TCC database). - Compile the exploit:
$ gcc exploit.c -o exploit -lpthread- Run the exploit:
$ ./exploit PATH_TO_PKG- You should now be able to modify the SIP protected file through
/Applications/Install\ macOS\ Ventura.app/Contents/SharedSupport/SharedSupport.dmgas the root user.
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts