This talk discussed the trials and tribulations of our Pwn2Own preparation this year for targeting Apple macOS Safari. Both in terms of the tools we have developed for browser vulnerability research and the experience gained whilst exploit writing for the latest version of Safari on macOS.
We discussed the need for continuous development of tooling, the ability to spin up new automation and react to changes such as updates. We also discussed the death of the first vulnerability (5 mins after completing the exploit!) and our rapid need to find a replacement issue.
The talk then described the specific vulnerabilities used within this year’s successful Pwn2Own and exploitation techniques used. This included both the browser (heap underflow) vulnerability and sandbox breakout (uninitialized memory) vulnerability.