/Safari-iOS10.3.2-macOS-10.12.4-exploit-Bugs

利用以下几个漏洞穿越 Safari 的沙箱

Primary LanguageC

Exploit using following bugs to escape Safari sandbox:

  • CVE-2017-2533: TOCTOU in diskarbitrationd
  • CVE-2017-2535: PID reuse logic bug in authd
  • CVE-2017-2534: Arbitrary dylib loading in speechsynthesisd
  • CVE-2017-6977: NULL ptr dereference in nsurlstoraged

How to use

  1. Get a vulnerable macOS 10.12.4 system with a FAT32 partition called /dev/disk0s1
  2. Back up the contents of /dev/disk0s1
  3. Start Safari
  4. make reset
  5. make inject

by phoenhex team