Exploit for vulnerability in WebKit published


PoC code has been published on GitHub for a vulnerability in the WebKit engine, which is used in the Apple Safari browser and other applications for macOS, iOS, and Linux. The vulnerability allows arbitrary code execution.
According to the PoC's author, Linus Henze, the problem has already been fixed in the main branch of WebKit but remains unpatched in the iOS and macOS versions of Safari. The vulnerability affects iOS 12.0 and above, as well as macOS 10.14 and later versions. The exploit is designed to work on both macOS and iOS, although the iOS case will require further refinement, Henze admits.
The PoC code makes it possible to run shellcode in Safari and perform actions with browser privileges, including bypassing the same-origin policy (SOP) and accessing information from any loaded page. As noted, the exploit will be useless to attackers who lack technical skills, because it does not provide the ability to execute code outside the browser. To do that, the PoC code must be used in conjunction with other exploits, including those that exploit a vulnerability allowing a sandbox escape.
The vulnerability can affect not only Safari but also other products that use the JavaScriptCore engine. Google Chrome is not affected because it uses the V8 engine.
Source: https://www.securitylab.ru/news/496896.php
