Friday, March 18, 2016

Safari Root Exploit

Christopher Budd (via Joe Rossignol):

JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.

Note that Safari’s helper processes are sandboxed, but the application itself is not.
