Two groups of hackers demonstrated zero-day exploits of Apple's Safari web browser at Pwn2Own Vancouver 2019 yesterday with one of the exploits leading to a complete system compromise.The Fluoroacetate team, consisting of Amat Cama and Richard Zhu, Success fully exploited the browser and escaped the sandbox by using an integer overflow in the browser and a heap overflow. The attempt nearly took the entire allowed time because they used a brute force technique during the sandbox escape. The code would fail then try again until it succeeded. The demonstration earned them $55,000 USD and 5 points towards Master of Pwn.
Ending the day, phoenhex & qwerty team (@_niklasb @qwertyoruiopz and @bkth_) targeting Apple Safari with a kernel elevation. Browsing to a website, the team triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug. Despite achieving complete system compromise it was only a partial win since Apple already knows about one of the bugs used. They earned $45,000 USD and 4 points towards Master of Pwn.
Share Article:
Facebook, Twitter, LinkedIn, Google Plus, Email, Reddit, Digg, Delicious, StumbleUpon
Follow iClarified:
Facebook, Twitter, LinkedIn, Google Plus, Newsletter, App Store, YouTube
Post a Comment