0-day Exploit Code used by by Ret2 Systems at PWN2OWN 2018 And Blog Post
PWN2OWN 2018 - Safari + Root:
Exploit Code released today. This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018. It has been released for educational purposes, detailed by a series of blogposts. These were used as zero-day exploits against macOS 10.13.3 & Safari/JSC for PWN2OWN 2018. They exploited two previously unknown vulnerabilities in Apple software to achieve remote code execution as root through a single click in the Safari Web Browser. Contents:
Repo: Quote:
Quote:
|
Part 2 of the blog post:
Quote:
Timeless Debugging of Complex Software: Root Cause Analysis of a Non-Deterministic JavaScriptCore Bug Quote:
Quote:
Quote:
Quote:
|
The blog post that I quoted there was only mentioned in relation to the exploit code being released yesterday.
The actual code used in the exploit was not released earlier, and thus I'd quoted the blog post so that one could see the exploit code itself in context to the blog post article. Otherwise the rest of the blog posts (part 2 etc) were not relevant to the exploit code released yesterday. That was why I intentionally did not post the links to them there. |
If one were to care to read the post it is more about discussing the process the authors went through not any mere code dump. In fact the code is not referenced on the blog but plans for the other 5 blog entries is. And that is merely the overview and introductory post. That is why it looks very incomplete to only post the first post. However, in the flurry of formatting and cut-and-paste from a PR anything is possible.
A very interesting and informative read by the way, if one were to sit back and give it a close eye. |
All times are GMT +8. The time now is 11:50. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX