Lucene search
@jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_GatechZDI-20-679HistoryMay 28, 2020 - 12:00 a.m.
(Pwn2Own) Apple Safari Symbolic Link Arbitrary Application Execution Vulnerability
2020-05-2800:00:00
@jinmo123, @setuid0x0_, and @insu_yun_en of @SSLab_Gatech
www.zerodayinitiative.com
18
0.195 Low
EPSS
Percentile
96.3%
This vulnerability allows local attackers to escalate privileges on affected installations of Apple Safari. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of symbolic links. The issue results from the improper validation of symbolic links prior to performing operations on them. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute code in the context of the kernel.
References
Related
cvelist
cvelist
CVE-2020-9801
2020-06-09 16:04:44
prion
prion
Code injection
2020-06-09 17:15:00
cve
cve
CVE-2020-9801
2020-06-09 17:15:12
nvd
nvd
CVE-2020-9801
2020-06-09 17:15:12
zdt
zdt
Safari Type Confusion / Sandbox Escape Exploit
2020-10-01 00:00:00
metasploit
metasploit
Safari in Operator Side Effect Exploit
2020-08-14 08:10:34
packetstorm
packetstorm
Safari Type Confusion / Sandbox Escape
2020-10-01 00:00:00
openvas
openvas
Apple Safari Security Update (HT211177)
2020-05-28 00:00:00
apple
apple
About the security content of Safari 13.1.1
2020-05-26 00:00:00
About the security content of Safari 13.1.1 - Apple Support
2020-05-27 12:42:27