Exploit for CVE-2023-42860 (for research purposes only).
This exploit works on versions of macOS earlier than 13.3, even though Apple's changelog says it was fixed in version 14.1.
- Download the InstallAssistant.pkg
- Modify the variable `TARGET_FILE` in the `exploit.sh` file to a SIP protected file on the system (default target is the system TCC database).
- Run the exploit as root:
  $ ./exploit.sh PATH_TO_PKG
- You should now see that the restricted flag has been removed from the file and be able to modify the SIP protected file directly. Alternatively, you could modify the SIP protected file through `/Applications/Install\ macOS\ Ventura.app/Contents/SharedSupport/SharedSupport.dmg`. The file has to be modified as the root user.
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts
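
A defender-side check for the two conditions this README describes (a macOS version earlier than 13.3, and a SIP protected file that has lost its restricted flag), added here as an example and not part of the original repository. The function names, the constructed `ls -lO` sample lines and the TCC database path are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers, not part of the original repository.
# Sample lines are constructed; the TCC.db path is an assumed default target.
SAMPLE_OK='-rw-r--r--  1 root  wheel  restricted 57344 Mar  1 10:00 /Library/Application Support/com.apple.TCC/TCC.db'
SAMPLE_BAD='-rw-r--r--  1 root  wheel  - 57344 Mar  1 10:00 /Library/Application Support/com.apple.TCC/TCC.db'

# version_lt A B: exit 0 if dotted version A is lower than B (numeric, 3 parts).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# has_restricted LINE: exit 0 if the file-flags column (5th field of an
# `ls -lO` line) contains "restricted" among its comma-separated flags.
has_restricted() {
    flags=$(printf '%s\n' "$1" | awk '{ print $5 }')
    case ",$flags," in
        *,restricted,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_lines: read `ls -lO` lines on stdin and print the ones that lack the
# restricted flag. Exit status is 1 if any such line was seen, else 0.
audit_lines() {
    missing=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        if ! has_restricted "$line"; then
            printf 'NOT RESTRICTED: %s\n' "$line"
            missing=1
        fi
    done
    return "$missing"
}

# On macOS, feed real data instead of the samples:
#   version_lt "$(sw_vers -productVersion)" 13.3 && echo "version in affected range"
#   ls -lO "/Library/Application Support/com.apple.TCC/TCC.db" | audit_lines
printf '%s\n%s\n' "$SAMPLE_OK" "$SAMPLE_BAD" | audit_lines || true
```
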