CVE-2023-32428

HIGH

iPadOS < 16.5 - Privilege Escalation to Root via Improved File Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-32428. PoCs published by gergelykalman.

AI-analyzed exploit summary This PoC exploits a macOS local privilege escalation vulnerability (CVE-2023-32428) via MallocStackLogging by manipulating directory structures and environment variables to gain root privileges. It leverages a race condition and symbolic link manipulation to write a sudoers file, allowing passwordless sudo access.

Description

This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges.

Exploits (1)

nomisec WORKING POC 19 stars

by gergelykalman · poc

https://github.com/gergelykalman/CVE-2023-32428-a-macOS-LPE-via-MallocStackLogging

View Code ZIP pw:eip

This PoC exploits a macOS local privilege escalation vulnerability (CVE-2023-32428) via MallocStackLogging by manipulating directory structures and environment variables to gain root privileges. It leverages a race condition and symbolic link manipulation to write a sudoers file, allowing passwordless sudo access.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: macOS (specific versions affected by CVE-2023-32428)

No auth needed

Prerequisites: Local access to a vulnerable macOS system · Ability to execute arbitrary binaries

MITRE ATT&CK