Skip to content

maximehip/Safari-iOS10.3.2-macOS-10.12.4-exploit-Bugs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

bundle

bundle

 
 

DAServer.defs

DAServer.defs

 
 

DAServer.defs.h

DAServer.defs.h

 
 

DAServer.h

DAServer.h

 
 

DAServerUser.c

DAServerUser.c

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

common.h

common.h

 
 

inject_with_log_server.sh

inject_with_log_server.sh

 
 

injector.c

injector.c

 
 

log_server.py

log_server.py

 
 

proc.h

proc.h

 
 

progress.py

progress.py

 
 

restart_ssd.swift

restart_ssd.swift

 
 

ssd1.c

ssd1.c

 
 

ssd2.c

ssd2.c

 
 

webcontent.c

webcontent.c

 
 

workdir.h

workdir.h

 
 

Repository files navigation

Exploit using following bugs to escape Safari sandbox:

  • CVE-2017-2533: TOCTOU in diskarbitrationd
  • CVE-2017-2535: PID reuse logic bug in authd
  • CVE-2017-2534: Arbitrary dylib loading in speechsynthesisd
  • CVE-2017-6977: NULL ptr dereference in nsurlstoraged

How to use

  1. Get a vulnerable macOS 10.12.4 system with a FAT32 partition called /dev/disk0s1
  2. Back up the contents of /dev/disk0s1
  3. Start Safari
  4. make reset
  5. make inject

by phoenhex team

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

79 stars

Watchers

12 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages