Log in Get started

Back to Metasploit Framework

README

external/source/exploits/CVE-2020-9850/README.md

6.4.1311.7 KB

Original Source

Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities

Overview

This repository contains exploitation and technical details of our Pwn2Own 2020 winning submission targeting Apple Safari with a kernel escalation of privilege for macOS 10.15.3. For further information, you can also check our Blackhat USA 2020 slides. This repository also includes our demo video for the succesful exploitation.

Build from source

shell

# Install xcode first
$ python3 -m pip install --user "lief==0.10.1"
$ make

Authors

Yonghwi Jin ([email protected])
Jungwon Lim ([email protected])
Insu Yun ([email protected])
Taesoo Kim ([email protected])

Citation

txt

@inproceedings{jin:pwn2own2020-safari,
  title        = {{Compromising the macOS kernel through Safari by chaining six vulnerabilities}},
  author       = {Yonghwi Jin and Jungwon Lim and Insu Yun and Taesoo Kim},
  booktitle    = {Black Hat USA Briefings (Black Hat USA)},
  month        = aug,
  year         = 2020,
  address      = {Las Vegas, NV},
}

Reference