Two Safari Exploits Demonstrated at Pwn2Own Vancouver 2019, One Resulted in Complete System Compromise [Video]

Two Safari Exploits Demonstrated at Pwn2Own Vancouver 2019, One Resulted in Complete System Compromise [Video]

Posted by · 6249 views · Translate

Two groups of hackers demonstrated zero-day exploits of Apple's Safari web browser at Pwn2Own Vancouver 2019 yesterday with one of the exploits leading to a complete system compromise.

The Fluoroacetate team, consisting of Amat Cama and Richard Zhu, successfully exploited the browser and escaped the sandbox by using an integer overflow in the browser and a heap overflow. The attempt nearly took the entire allowed time because they used a brute force technique during the sandbox escape. The code would fail then try again until it succeeded. The demonstration earned them $55,000 USD and 5 points towards Master of Pwn.

Ending the day, phoenhex & qwerty team (@_niklasb @qwertyoruiopz and @bkth_) targeting Apple Safari with a kernel elevation. Browsing to a website, the team triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug. Despite achieving complete system compromise it was only a partial win since Apple already knows about one of the bugs used. They earned $45,000 USD and 4 points towards Master of Pwn.

Take a look at the video below for more of the day's results...


Recent