This whitepaper describes the vulnerabilities used for Desktop PWN2OWN 2018 and details of the exploits produced. These issues were tested against the latest release Safari (Version 11.0.3 13604.5.6) at the time of writing running on macOS 10.13.3. The exploits described in this paper allow the full compromise of macOS systems running this version of the OS. Exploitation of the issues described would allow an attacker to breach the data stored of the currently logged in user.
The issues described in this paper (CVE-2018-4199 and CVE-2018-4196) were remediated within the macOS High Sierra 10.13.5 security update: