Awesome

Exploit using following bugs to escape Safari sandbox:

• CVE-2017-2533: TOCTOU in diskarbitrationd
• CVE-2017-2535: PID reuse logic bug in authd
• CVE-2017-2534: Arbitrary dylib loading in speechsynthesisd
• CVE-2017-6977: NULL ptr dereference in nsurlstoraged

How to use

1. Get a vulnerable macOS 10.12.4 system with a FAT32 partition called /dev/disk0s1
2. Back up the contents of /dev/disk0s1
3. Start Safari
4. make reset
5. make inject

by phoenhex team