{"vulnerability": "CVE-2023-23536", "sightings": [{"uuid": "5f57e054-8779-4da1-814f-44ba6a70a670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23536", "type": "exploited", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/2772", "content": "\ud83c\udfa9 kfd,(kernel file descriptor) is a project to read and write kernel memory on Apple devices. It leverages various vulnerabilities that can be exploited to obtain dangling PTEs, which will be referred to as a PUAF primitive, short for \"physical use-after-free\". Then, it reallocates certain kernel objects inside those physical pages and manipulates them directly from user space through the dangling PTEs in order to achieve a KRKW primitive, short for \"kernel read/write\". The exploit code is fully contained in a library, libkfd, but the project also contains simple executable wrappers for iOS and macOS.\n\n\ud83c\udfa9CVE-2023-32434 exploitation(XNU 0-day ITW actively exploited)\n\n\ud83c\udfa9CVE-2023-23536 exploitation", "creation_timestamp": "2023-07-22T09:08:30.000000Z"}, {"uuid": "95c404c2-ed60-48cd-9d35-1edf73b1dcec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23536", "type": "seen", "source": "https://t.me/cibsecurity/63475", "content": "\u203c CVE-2023-23536 \u203c\n\nThe issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T00:38:19.000000Z"}]}