ret2/Pwn2Own-2021-Safari

eop
rce

Pwn2Own 2021 - Safari Full Chain

This repo contains the exploit source code used by RET2 Systems at Pwn2Own 2021. It has been released for educational purposes, with accompanying blog posts for the RCE and EOP. A follow-up post covers a modified EOP that bypasses KASLR in a different manner (corresponding to the eop_hib directory here).

The exploit was demonstrated on Safari 14.0.3, macOS Big Sur 11.2.3. The Safari vulnerability was patched in Safari 14.1.1, assigned CVE-2021-30734. The Intel graphics driver vulnerability was patched in macOS Big Sur 11.4, assigned CVE-2021-30735.

License

The contents of this repo are licensed and distributed under the MIT license.

Want to learn?

Check out https://ret2.io/trainings
