# CVE-2023-42860
Exploit for [CVE-2023-42860](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) (for research purposes only).

This exploit works on versions of macOS earlier than 13.3, even though [Apple's changelog](https://support.apple.com/en-us/HT213984) says the issue was fixed in version 14.1.

## Steps
1. [Download](https://mrmacintosh.com/macos-ventura-13-full-installer-database-download-directly-from-apple/) the InstallAssistant.pkg
2. Set the variable `TARGET_FILE` to the path of a SIP-protected file (the default target is the system TCC database).
3. Compile the exploit:
```sh
$ gcc exploit.c -o exploit -lpthread
```
4. Run the exploit:
```sh
$ ./exploit PATH_TO_PKG
```
5. You should now be able to modify the SIP-protected file through `/Applications/Install\ macOS\ Ventura.app/Contents/SharedSupport/SharedSupport.dmg` as the root user.

## Reference
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts