POC
For research purposes only!
A public collection of POCs & Exploits for the vulnerabilities I discovered.
- CVE-2022-22583 PackageKit: An application may be able to access restricted files (SIP Bypass)
- CVE-2022-26690 PackageKit: A malicious application may be able to modify protected parts of the file system (SIP Bypass)
- CVE-2022-32800 PackageKit: An app may be able to modify protected parts of the file system (SIP Bypass)
- CVE-2022-26728 SoftwareUpdate: A malicious application may be able to access restricted files (TCC Bypass)
- CVE-2022-22616 Safari Downloads: A maliciously crafted ZIP archive may bypass Gatekeeper checks (Gatekeeper Bypass)
- CVE-2022-22639 SoftwareUpdate: An application may be able to gain elevated privileges
- CVE-2022-26712 PackageKit: A malicious application may be able to modify protected parts of the file system (SIP Bypass)
- CVE-2022-32786 PackageKit: An app may be able to modify protected parts of the file system (SIP Bypass)
- CVE-2023-23525 LaunchServices: An app may be able to gain root privileges