
A Pwn2Own Exploit Chain - lelf
https://github.com/saelo/pwn2own2018
======
aboutruby
> for macOS 10.13.3

macOS 10.13, High Sierra, June 5, 2017

macOS 10.14, Mojave, June 4, 2018

10.13.3 released January 23, 2018, with another little update February 19,
2018

10.13.4 released March 29, 2018

[https://en.wikipedia.org/wiki/MacOS_High_Sierra](https://en.wikipedia.org/wiki/MacOS_High_Sierra)

Not sure how much of this applies to other released macOS versions.

Quite impressive as it goes all the way to load a kernel extension.

(Title should be "Pwn2Own 2018: Safari + macOS")

Also ~50% macOS users are on High Sierra. Not sure about point releases.

------
qubex
As a macOS/Safari user I find this terrifying, but as a computer security
aficionado (and onetime pen-tester) I also find this to be a sublime work of
art.

------
zadkey
Is sharing this the right thing to do ethically?

I am honestly not sure.

~~~
saagarjha
At Pwn2Own? It’s probably ones of the best ways, to be honest.

