Safari Root Exploit
Christopher Budd (via Joe Rossignol):
JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.
Note that Safari’s helper processes are sandboxed, but the application itself is not.
