0-day Exploit Code used by by Ret2 Systems at PWN2OWN 2018 And Blog Post

TechLord · #1 08-30-2018, 08:03

PWN2OWN 2018 - Safari + Root:

Exploit Code released today.

This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018. It has been released for educational purposes, detailed by a series of blogposts.

These were used as zero-day exploits against macOS 10.13.3 & Safari/JSC for PWN2OWN 2018.

They exploited two previously unknown vulnerabilities in Apple software to achieve remote code execution as root through a single click in the Safari Web Browser.

Contents:

/jsc - JavaScriptCore Exploit & PoC for CVE-2018-4192
/windowserver - WindowServer Exploit & PoC for CVE-2018-4193

Repo:

Quote:

https://github.com/ret2/P2O_2018

Blog Post:

Quote:

https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Code execution exploit to run Doom inside Doom (for DOS)	CarrotStickCam	Source Code	0	11-04-2022 01:47
Interesting blog from Endgame on disarming Control Flow Guard in exploits	MOV_EDI_EDI	General Discussion	0	04-27-2017 07:57
Reverse Engineering WMF Exploit Code	lownoise	General Discussion	0	01-19-2006 20:09
Matt Pietrek's blog	disrupt0r	General Discussion	1	07-11-2004 14:55

The Following 6 Users Say Thank You to TechLord For This Useful Post:
chessgod101 (08-30-2018), dila (08-31-2018), nimaarek (09-08-2018), p4r4d0x (08-30-2018), Ragnarok (08-31-2018), tonyweb (08-31-2018)