RCE exploit for the latest Safari
PLEASE READ THIS FIRST
This is currently only patched in the WebKit sources and works with the latest version of Safari (macOS and iOS, although this needs to be updated in order to work with iOS).
Please don't do evil stuff with this.
And if you're a normal user, this will be useless for you.
This is an exploit for the latest version of Safari (as of Dec. 6 2018). Fixed in the current WebKit release, therefore I decided to make this public.
Huge thanks to Samuel Groß (@5aelo) for his awesome Int64 library.
You need to have a WebSocket Server running at Port 5000 or you get "Initialization failed".
If you want to rebuild stage2, cd into stage2 then run python make.py.
For building you need to have gobjcopy installed. (brew install binutils)
Exploitation is pretty similar to @5aelo's exploit for CVE-2018-4233, which can be found here .
Clean up the code a bit, add some comments and do a proper writeup. Maybe even add iOS support? Feel free to create a PR if you want to help me.
- 学会这一招，Safari 网站搜索快人一步
- RCE exploit for the latest Safari
- ‘Google You Owe Us’ claimants aren’t giving up on UK Safari workaround suit
- Apple's new anti-tracking feature in Safari takes toll
- Service workers and videos in Safari
- Supporting Dark Mode: On the Web
- Safari 12 更新详解：停止支持非官方拓展、智能防跟踪、重复密码检测等
- UK High Court blocks compensation suit against Google’s ‘Safari workaround’
- U.K. Court Blocks Mass Legal Action Over Google's Alleged Tracking of Safari Users