|
#1
|
|||
|
|||
0-day Exploit Code used by by Ret2 Systems at PWN2OWN 2018 And Blog Post
PWN2OWN 2018 - Safari + Root:
Exploit Code released today. This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018. It has been released for educational purposes, detailed by a series of blogposts. These were used as zero-day exploits against macOS 10.13.3 & Safari/JSC for PWN2OWN 2018. They exploited two previously unknown vulnerabilities in Apple software to achieve remote code execution as root through a single click in the Safari Web Browser. Contents:
Repo: Quote:
Quote:
|
#2
|
|||||
|
|||||
Part 2 of the blog post:
Quote:
Timeless Debugging of Complex Software: Root Cause Analysis of a Non-Deterministic JavaScriptCore Bug Quote:
Quote:
Quote:
Quote:
|
The Following User Says Thank You to chants For This Useful Post: | ||
tonyweb (08-31-2018) |
#3
|
|||
|
|||
The blog post that I quoted there was only mentioned in relation to the exploit code being released yesterday.
The actual code used in the exploit was not released earlier, and thus I'd quoted the blog post so that one could see the exploit code itself in context to the blog post article. Otherwise the rest of the blog posts (part 2 etc) were not relevant to the exploit code released yesterday. That was why I intentionally did not post the links to them there. |
#4
|
|||
|
|||
If one were to care to read the post it is more about discussing the process the authors went through not any mere code dump. In fact the code is not referenced on the blog but plans for the other 5 blog entries is. And that is merely the overview and introductory post. That is why it looks very incomplete to only post the first post. However, in the flurry of formatting and cut-and-paste from a PR anything is possible.
A very interesting and informative read by the way, if one were to sit back and give it a close eye. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Interesting blog from Endgame on disarming Control Flow Guard in exploits | MOV_EDI_EDI | General Discussion | 0 | 04-27-2017 07:57 |
Numbering Systems | TmC | General Discussion | 1 | 08-02-2006 14:16 |
Reverse Engineering WMF Exploit Code | lownoise | General Discussion | 0 | 01-19-2006 20:09 |
Matt Pietrek's blog | disrupt0r | General Discussion | 1 | 07-11-2004 14:55 |