{"id":24685,"date":"2019-03-21T15:53:01","date_gmt":"2019-03-21T19:53:01","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=24685"},"modified":"2021-07-06T17:17:23","modified_gmt":"2021-07-06T21:17:23","slug":"zero-day-safari-exploits-allowed-complete-takeover-of-mac","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/03\/21\/zero-day-safari-exploits-allowed-complete-takeover-of-mac\/","title":{"rendered":"Zero-day Safari Exploits Allowed Complete Takeover of Mac"},"content":{"rendered":"<p><a href=\"https:\/\/9to5mac.com\/2019\/03\/21\/zero-day-safari-exploits\/\">Ben Lovejoy<\/a>:<\/p>\n<blockquote cite=\"https:\/\/9to5mac.com\/2019\/03\/21\/zero-day-safari-exploits\/\"><p>The <a href=\"https:\/\/www.thezdi.com\/blog\/2019\/3\/20\/pwn2own-vancouver-2019-day-one-results\">first exploit<\/a> managed to escape the sandbox, a protection macOS uses to ensure that apps only have access to their own data, and any system data permitted by Apple.<\/p><p>[&#8230;]<\/p><p>The second got rather further, gaining both root and kernel access to the Mac.<\/p><\/blockquote>\n<p>This despite process isolation <em>and<\/em> sandboxing<\/p>","protected":false},"excerpt":{"rendered":"<p>Ben Lovejoy: The first exploit managed to escape the sandbox, a protection macOS uses to ensure that apps only have access to their own data, and any system data permitted by Apple.[&#8230;]The second got rather further, gaining both root and kernel access to the Mac. This despite process isolation and sandboxing<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-03-21T19:53:03Z","apple_news_api_id":"695d8209-6651-472b-b203-e6a833018778","apple_news_api_modified_at":"2021-07-06T21:17:26Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAA==","apple_news_api_share_url":"https:\/\/apple.news\/AaV2CCWZRRyuyA-aoMwGHeA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2095,30,1609,103,53,48],"class_list":["post-24685","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-exploit","tag-mac","tag-macos-10-14","tag-safari","tag-sandboxing","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/24685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=24685"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/24685\/revisions"}],"predecessor-version":[{"id":24686,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/24685\/revisions\/24686"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=24685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=24685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=24685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}