One very unique aspect to me of this particular exploit is the abuse of Capsicum syscalls. It seems quite unique to use an API specifically made to increase security posture to aid in exploiting the kernel.