3 matches found
Pwn2Own 2017: UAF in JSC::CachedCall (WebKit)
Pwn2Own 2017: UAF in JSC::CachedCall WebKit As a quick introduction, we are Samuel Groß, AKA saelo, and Niklas Baumstark, both students at Karlsruhe Institute of Technology, and have been playing CTF together for quite some time before we decided to team up for this year’s Pwn2Own. Today we are...
Apple Safari 10.0.3 - JSC::CachedCall Use-After-Free Exploit
Exploit for macOS platform in category remote exploits function makecompiledfunction function targetx return x5 + x - xx; // Call only once so that function gets compiled with low level interpreter // but none of the optimizing JITs target0; return target; function pwn var haxs = new Array0x100;...
Apple Safari 10.0.3 - JSC::CachedCall Use-After-Free
Apple Safari 10.0.3 - JSC::CachedCall Use-After-Free function makecompiledfunction function targetx return x5 + x - xx; // Call only once so that function gets compiled with low level interpreter // but none of the optimizing JITs target0; return target; function pwn var haxs = new Array0x100; fo...