Apple's Macs are affected by two critical zero-day exploits that were discovered for the Safari browser and were presented at a security conference in Vancouver, Canada. With the help of one of them, a hacker can take administrator control over macOS, and can take any kind of information from that Mac.
The first exploit allows a hacker to access files outside the sandbox of the application he created, something that would normally be impossible. The second also allows the taking over of administrator rights, which makes the exploit extremely dangerous for Macs from Cupertino, Apple currently only knowing one of the exploited vulnerabilities.
The hackers who demonstrated these exploits received 90.000 dollars for the fact that they managed to show that Apple's operating system is not really that secure. Of course, these exploits will also be made known to those from Apple, who anyway pay even larger sums of money for the vulnerabilities discovered in the operating systems.
They successfully exploited the browser and escaped the sandbox by using an integer overflow in the browser and a heap overflow to escape the sandbox. The attempt almost took the entire allowed time because they used a brute force technique during the sandbox escape. They demonstrated a complete system compromise. By browsing to their website, they triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug.
