Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities
Yonghwi Jin  |  PhD Student, Georgia Institute of Technology
Jungwon Lim  |  PhD Student, Georgia Institute of Technology
Insu Yun  |  PhD Student, Georgia Institute of Technology
Taesoo Kim  |  Associate Professor, Georgia Institute of Technology
Date: Thursday, August 6 | 12:30pm-1:10pm
Format: 40-Minute Briefings
Tracks:  Exploit Development,  Reverse Engineering

Compromising a kernel through a browser is the ultimate goal for offensive security researchers. Because of continuous efforts to eliminate vulnerabilities and introduce various mitigations, a remote kernel exploit from a browser becomes extremely difficult, seemingly impossible.

In this talk, we will share our Safari exploit submitted to Pwn2Own 2020. Combining six different vulnerabilities, our exploit successfully compromises the macOS kernel starting from the Safari browser. It breaks every mitigation in macOS including ASLR, DEP, sandbox, and even System Integrity Protection (SIP). Inspecting every vulnerability used in this exploit, we will show not only state-of-the-art hacking techniques but also challenges in protecting complicated systems (i.e., browsers and operating systems) and in introducing their mitigations. Moreover, we will introduce a new technique that reliably exploits a TOCTOU vulnerability in macOS.
