https://github.com/ntfargo/uaf-2023-28205

PoC CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability
https://github.com/ntfargo/uaf-2023-28205

apple playstation poc ps4 ps5 use-after-free vulnerability webkit

Last synced: 3 months ago
JSON representation

PoC CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability

Host: GitHub
URL: https://github.com/ntfargo/uaf-2023-28205
Owner: ntfargo
License: mit
Created: 2024-11-30T12:25:47.000Z (11 months ago)
Default Branch: main
Last Pushed: 2024-12-01T16:08:19.000Z (11 months ago)
Last Synced: 2025-07-03T02:58:51.815Z (3 months ago)
Topics: apple, playstation, poc, ps4, ps5, use-after-free, vulnerability, webkit
Language: JavaScript
Homepage: https://ntfargo.github.io/uaf-2023-28205/
Size: 17.6 KB
Stars: 13
Watchers: 2
Forks: 4
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# CVE-2023-28205: Apple WebKit Use-After-Free Vulnerability

This vulnerability can be exploited through maliciously crafted web content, allowing attackers to execute arbitrary code.

## Description

The code triggers a use-after-free (UAF) vulnerability by delaying the addition of `Map` and `Date` objects, which allows the garbage collector (GC) to free them. This can potentially lead to accessing freed objects, causing memory corruption or enabling exploits.

## References

- [WebKit Commit c9880de4a28b9a64a5e1d0513dc245d61a2e6ddb](https://github.com/WebKit/WebKit/commit/c9880de4a28b9a64a5e1d0513dc245d61a2e6ddb)

CVE-2023-28205: Clément Lecigne of Google's Threat Analysis Group and Donncha Ó Cearbhaill of Amnesty International’s Security Lab

Thanks to abc for the proof of concept example.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/ntfargo/uaf-2023-28205

Awesome Lists containing this project

README