0-day Exploit Code used by by Ret2 Systems at PWN2OWN 2018 And Blog Post

TechLord · #1 08-30-2018, 08:03

PWN2OWN 2018 - Safari + Root:

Exploit Code released today.

This repo contains exploit code as used by Ret2 Systems at PWN2OWN 2018. It has been released for educational purposes, detailed by a series of blogposts.

These were used as zero-day exploits against macOS 10.13.3 & Safari/JSC for PWN2OWN 2018.

They exploited two previously unknown vulnerabilities in Apple software to achieve remote code execution as root through a single click in the Safari Web Browser.

Contents:

/jsc - JavaScriptCore Exploit & PoC for CVE-2018-4192
/windowserver - WindowServer Exploit & PoC for CVE-2018-4193

Repo:

Quote:

https://github.com/ret2/P2O_2018

Blog Post:

Quote:

https://blog.ret2.io/2018/06/05/pwn2own-2018-exploit-development/

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Code execution exploit to run Doom inside Doom (for DOS)	CarrotStickCam	Source Code	0	11-04-2022 01:47
Interesting blog from Endgame on disarming Control Flow Guard in exploits	MOV_EDI_EDI	General Discussion	0	04-27-2017 07:57
Reverse Engineering WMF Exploit Code	lownoise	General Discussion	0	01-19-2006 20:09
Matt Pietrek's blog	disrupt0r	General Discussion	1	07-11-2004 14:55

The Following 6 Users Say Thank You to TechLord For This Useful Post:
chessgod101 (08-30-2018), dila (08-31-2018), nimaarek (09-08-2018), p4r4d0x (08-30-2018), Ragnarok (08-31-2018), tonyweb (08-31-2018)