Researchers created a PoC exploit for Safari CVE-2022-26717 bug
Theori researchers have created a working PoC exploit for the recently patched CVE-2022-26717 vulnerability affecting Apple Safari product. This vulnerability classified as critical has been found in Apple macOS up to 12.3. It affects an unknown part of the component WebKit. The manipulation leads to memory corruption. An attacker could use the exploit to achieve arbitrary code execution by processing maliciously crafted web content. “A use after free issue was addressed with improved memory management,” reads the advisory published by Apple. This flaw was reported by Jeonghoon Shin of Theori.
- CVE-2022-26716/CVE-2022-26719: A memory corruption issue was addressed with improved state management.
- CVE-2022-26700: A memory corruption issue was addressed with improved state management.
- CVE-2022-26709: A use after free issue was addressed with improved memory management.
The bad news is that the researchers will publicly release their PoC exploit code which is hosted on Github.