Pwn2Own 2021 - Safari Full Chain

This repo contains exploit source code used by RET2 Systems at Pwn2Own 2021. It has been released for educational purposes, with accompanying blogposts for the RCE and EOP.

The exploit was demonstrated on Safari 14.0.3, macOS Big Sur 11.2.3. The Safari vulnerability was patched in Safari 14.1.1, assigned CVE-2021-30734. The Intel graphics driver vulnerability was patched in macOS Big Sur 11.4, assigned CVE-2021-30735.

License

The contents of this repo are licensed and distributed under the MIT license.

Want to learn?

Check out https://ret2.io/trainings

About

MIT License

Languages

Language:C 68.7%Language:Python 24.0%Language:JavaScript 3.3%Language:Makefile 2.7%Language:Objective-C 0.7%Language:Shell 0.4%Language:HTML 0.1%