Latest commit 4e61c4c Jul 7, 2017 @maximehip UPDATE README
bundle first release Jul 7, 2017
DAServer.defs first release Jul 7, 2017
DAServer.defs.h first release Jul 7, 2017
DAServer.h first release Jul 7, 2017
DAServerUser.c first release Jul 7, 2017
Makefile first release Jul 7, 2017
README.md UPDATE README Jul 7, 2017
common.h first release Jul 7, 2017
inject_with_log_server.sh first release Jul 7, 2017
injector.c first release Jul 7, 2017
log_server.py first release Jul 7, 2017
proc.h first release Jul 7, 2017
progress.py first release Jul 7, 2017
restart_ssd.swift first release Jul 7, 2017
ssd1.c first release Jul 7, 2017
ssd2.c first release Jul 7, 2017
webcontent.c first release Jul 7, 2017
workdir.h first release Jul 7, 2017

README.md

Exploit that uses the following bugs to escape the Safari sandbox:

  • CVE-2017-2533: TOCTOU in diskarbitrationd
  • CVE-2017-2535: PID reuse logic bug in authd
  • CVE-2017-2534: Arbitrary dylib loading in speechsynthesisd
  • CVE-2017-6977: NULL ptr dereference in nsurlstoraged

How to use

  1. Get a vulnerable macOS 10.12.4 system with a FAT32 partition called /dev/disk0s1
  2. Back up the contents of /dev/disk0s1
  3. Start Safari
  4. make reset
  5. make inject

by phoenhex team