safariicon.jpgEvery year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple's Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe's Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.

China's Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple's sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple's OS X is difficult to exploit and the operating system overall is very secure.

"For Apple, the OS is regarded as very safe and has a very good security architecture," Keen team member Liang Chen said. "Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn't the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.

Top Rated Comments

nt5672 Avatar
nt5672
94 months ago
Public awareness of security flaws is the best way to ensure the security of our devices. Thank you Chinese security team.
Score: 18 Votes (Like | Disagree)
leman Avatar
leman
94 months ago
The most secure OS maybe FreeBSD or Linux.
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.
Score: 9 Votes (Like | Disagree)
thaifood Avatar
thaifood
94 months ago
I wonder if the hacker praise is real or just polite words. Hopefully, we will see a Safari update soon.

I'm sure there is professional praise. Plus it's essentially free debug testing for the companies participating.
Score: 7 Votes (Like | Disagree)
BigBeast Avatar
BigBeast
94 months ago
[...]if I understood correctly you would have to use both to really get control.

I would guess that if the second vulnerability circumvents sandboxing, that it should be the first fix. Webkit vulnerabilities are almost inevitable; that's why sandboxing exists. If sandboxing doesn't catch the threat or is bypassed, that's a greater weakness.
Score: 5 Votes (Like | Disagree)
2457282 Avatar
2457282
94 months ago
The article also said the team felt that Safari was more secure than other platforms. I am no expert but it does look like at least one is simple to fix and if I understood correctly you would have to use both to really get control. So if they fix either it would solve the problem.

Having said all that, if this is the most secure, the others have some really big problems.
Score: 4 Votes (Like | Disagree)
iamkarlp Avatar
iamkarlp
94 months ago
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.

Indeed. And with the average GUI linux install being anywhere between 3~10 GB on disk, with the kernel only making up ~100MB of that, there is a lot of software stack to go around.

Karl P
Score: 3 Votes (Like | Disagree)
Read All Comments

Top Stories

apple music change forever

Apple Music Teaser: 'Get Ready – Music is About to Change Forever'

Sunday May 16, 2021 2:39 pm PDT by
The Browse tab in the Music app across Apple's platforms has started displaying a prominent teaser hinting at an upcoming major announcement for Apple Music. Under the heading "Coming soon," the headline says "Get ready – music is about to change forever." An accompanying "Tune-In Video" simply shows an animated Apple Music logo. Rumors have indicated that Apple is preparing to launch a...
Read Full Article149 comments
m1 ipad pro early customer

M1 iPad Pro Arrives Early for Lucky Customer

Saturday May 15, 2021 11:57 pm PDT by
Days ahead of their expected launch and seemingly before official review embargoes lift, one lucky customer has already gotten their hands on the brand new 12.9-inch M1 iPad Pro. Reddit User PeterDragon50 Posted on Reddit, u/PeterDragon50 has already received their 12.9-inch iPad Pro through retailer Nebraska Furniture Mart. The Reddit user says they placed their order when pre-orders...
Read Full Article392 comments
AirPods Lineup Not Lossless Feature

AirPods, AirPods Max and AirPods Pro Don't Support Apple Music Lossless Audio

Monday May 17, 2021 10:44 am PDT by
Apple today announced that starting in June, Apple Music songs will be available to stream in Lossless and Hi-Resolution Lossless formats, but lossless audio won't be supported on the AirPods, AirPods Max, or AirPods Pro. Apple's Lossless Audio is encoded as Apple Lossless Audio Codec files, with lossless quality ranging from 16-bit 44.1 kHz playback to 24-bit 48 kHz playback and Hi-Res...
Read Full Article503 comments
apple music spatial audio

Apple Music Launching Spatial Audio With Dolby Atmos and Lossless Audio in June at No Extra Cost

Monday May 17, 2021 6:06 am PDT by
Apple today announced that Apple Music will be gaining support for Spatial Audio with Dolby Atmos at no additional cost starting in June. At launch, Apple Music subscribers will have access to thousands of songs in Spatial Audio from artists like J Balvin, Gustavo Dudamel, Ariana Grande, Maroon 5, Kacey Musgraves, The Weeknd, and many others. Apple says this feature will provide a...
Read Full Article450 comments
M2 MacBook Pros 10 Core Summer Feature

Redesigned MacBook Pro Models With 10-Core Apple Silicon Chip Said to Launch as Early as This Summer

Tuesday May 18, 2021 5:39 am PDT by
Apple plans to launch new 14-inch and 16-inch MacBook Pro models with an improved iteration of the M1 chip as early as this summer, according to Bloomberg's Mark Gurman. The new chip is said to include a 10-core CPU with eight high-performance cores and two energy-efficient cores, with 16-core or 32-core GPU options. Gurman said the next-generation Apple silicon chip will also support up to...
Read Full Article190 comments
imac 2021 box

Apple's New 24-Inch iMac Shown Off in Early Unboxing

Monday May 17, 2021 8:18 pm PDT by
Update: The early unboxing video was taken down, but other unboxing and first impression videos are now available. The new 24-inch iMac doesn't officially launch until this Friday, May 21, but an early unboxing of the machine has been shared on YouTube. The iMac unboxing video was made private subsequent to this story. The video from Gadget Guy is in Cantonese, but it offers an up-close...
Read Full Article187 comments
apple music logo

Apple Music Teaser References 'Hi-Res Lossless' and 'Dolby Atmos'

Sunday May 16, 2021 4:04 pm PDT by
Earlier today, Apple Music began teasing a special announcement with the tagline "Get Ready – Music is About to Change Forever." This teaser comes amid a rumor that Apple is preparing to announce the third-generation AirPods alongside a HiFi, or lossless audio streaming tier for Apple Music on Tuesday, May 18. Now, references to "Apple Lossless," "Free Lossless," "Hi-Res Lossless," and...
Read Full Article141 comments
Beats Studio Buds feature 3

New 'Beats Studio Buds' Revealed in iOS and tvOS 14.6

Monday May 17, 2021 11:10 am PDT by
Apple is working on new wire-free in-ear Beats-branded earbuds, according to images in the tvOS 14.6 and iOS 14.6 betas that were found by MacRumors contributor Steve Moser. The Beats Studio Buds are unlike any prior Beats headphones that Apple has released as there is no ear wrap as with the Powerbeats Pro or a wire like the Powerbeats. The Beats Studio Buds are tiny in design and are...
Read Full Article58 comments
iPhone Hi Fi Apple Music Feature

Apple Music Gaining Spatial Audio and Lossless Audio in iOS 14.6, Not All Tracks Supported at Launch

Monday May 17, 2021 8:29 am PDT by
Apple Music's incoming Spatial Audio with Dolby Atmos and Lossless Audio features will be available in June on devices running iOS 14.6, iPadOS 14.6, macOS 11.4, and tvOS 14.6 or later, according to Apple. Apple said thousands of tracks will be available in Spatial Audio with Dolby Atmos at no additional cost, with more added regularly. Already available on the AirPods Pro, Apple describes...
Read Full Article189 comments
AirPods Lineup Feature Triad

Apple Music Dolby Atmos Compatible With All AirPods Models and Other Headphones

Monday May 17, 2021 6:54 am PDT by
Apple today announced that starting in June, Apple Music subscribers will have access to higher quality Lossless audio streaming, as well as Dolby Atmos, which replicates an immersive audio experience. Despite Spatial Audio for movies and TV shows being only available on the AirPods Pro and AirPods Max, Dolby Atmos for Apple Music, which Apple describes as creating an "immersive audio format ...
Read Full Article67 comments