
bogdanw

macrumors 603
Original poster
Mar 10, 2009
6,119
3,031
"The day began with Pwn2Own newcomers – a team from Georgia Tech Systems Software & Security Lab (@SSLab_Gatech) consisting of Yong Hwi Jin, Jungwon Lim, and Insu Yun. They were targeting Apple Safari with a macOS kernel escalation of privilege. They chained together six unique bugs starting with a JIT vulnerability and ending with TOCTOU/race condition to escape the sandbox and pop a root shell. They also disabled System Integrity Protection (SIP) on the device to demonstrate that they achieved kernel-level code execution. Their smooth demonstration earned them $70,000 and 7 points towards Master of Pwn."
https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results
Demonstration - Pwn2Own 2020 - Day One Results
 

bogdanw

macrumors 603
Original poster
Mar 10, 2009
6,119
3,031
Does this mean Catalina is more vulnerable than other versions of macOS or that they have only tested Safari on Catalina?
According to Pwn2Own rules:
"The targets will be running on the latest, fully patched version of the operating system available on the selected target (Microsoft Windows 10 19H2 x64, Apple macOS Catalina, and Ubuntu 19.10 for Desktop) unless otherwise stated in the Category description in Section 4. All targets will be 64-bit, if available, and installed in their default configurations. The vulnerabilities utilized in the entry must be unknown, unpublished, and not previously reported to the vendor. A given vulnerability may only be used once across all categories."
https://www.zerodayinitiative.com/Pwn2OwnVancouver2020Rules.html
 