Thread: 0-day Exploit Code used by by Ret2 Systems at PWN2OWN 2018 And Blog Post
View Single Post
  #1  
Old 08-30-2018, 08:03
TechLord TechLord is offline
Banned User
  
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 759
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,022 Times in 571 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
0-day Exploit Code used by by Ret2 Systems at PWN2OWN 2018 And Blog Post
PWN2OWN 2018 - Safari + Root:

Exploit Code released today.

This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018. It has been released for educational purposes, detailed by a series of blogposts.

These were used as zero-day exploits against macOS 10.13.3 & Safari/JSC for PWN2OWN 2018.

They exploited two previously unknown vulnerabilities in Apple software to achieve remote code execution as root through a single click in the Safari Web Browser.

Contents:
  • /jsc - JavaScriptCore Exploit & PoC for CVE-2018-4192
  • /windowserver - WindowServer Exploit & PoC for CVE-2018-4193

Repo:
Quote:
https://github.com/ret2/P2O_2018
Blog Post:
Quote:
https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/
Reply With Quote
The Following 6 Users Say Thank You to TechLord For This Useful Post:
chessgod101 (08-30-2018), dila (08-31-2018), nimaarek (09-08-2018), p4r4d0x (08-30-2018), Ragnarok (08-31-2018), tonyweb (08-31-2018)