360vulcan, published on June 20, 2017

Exploit MacOS Kernel Vulnerability to Escape Safari Sandbox


At Pwn2Own 2017, Apple's macOS Sierra and Safari 10 were two of the platforms that took the highest number of hits. Although several other teams also successfully compromised or almost compromised the macOS + Safari target, 360Vulcan Team was the one that exploited the fewest vulnerabilities. It was also the only team that achieved sandbox escape through a kernel exploit and obtained system privileges to gain complete control over the macOS kernel. In this article, we share how we found and made use of the macOS kernel vulnerability.


