safariicon.jpgEvery year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple's Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe's Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.

China's Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple's sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple's OS X is difficult to exploit and the operating system overall is very secure.

"For Apple, the OS is regarded as very safe and has a very good security architecture," Keen team member Liang Chen said. "Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn't the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.

Top Rated Comments

nt5672 Avatar
nt5672
139 months ago
Public awareness of security flaws is the best way to ensure the security of our devices. Thank you Chinese security team.
Score: 18 Votes (Like | Disagree)
leman Avatar
leman
139 months ago
The most secure OS maybe FreeBSD or Linux.
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.
Score: 9 Votes (Like | Disagree)
thaifood Avatar
thaifood
139 months ago
I wonder if the hacker praise is real or just polite words. Hopefully, we will see a Safari update soon.

I'm sure there is professional praise. Plus it's essentially free debug testing for the companies participating.
Score: 7 Votes (Like | Disagree)
BigBeast Avatar
BigBeast
139 months ago
[...]if I understood correctly you would have to use both to really get control.

I would guess that if the second vulnerability circumvents sandboxing, that it should be the first fix. Webkit vulnerabilities are almost inevitable; that's why sandboxing exists. If sandboxing doesn't catch the threat or is bypassed, that's a greater weakness.
Score: 5 Votes (Like | Disagree)
2457282 Avatar
2457282
139 months ago
The article also said the team felt that Safari was more secure than other platforms. I am no expert but it does look like at least one is simple to fix and if I understood correctly you would have to use both to really get control. So if they fix either it would solve the problem.

Having said all that, if this is the most secure, the others have some really big problems.
Score: 4 Votes (Like | Disagree)
iamkarlp Avatar
iamkarlp
139 months ago
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.

Indeed. And with the average GUI linux install being anywhere between 3~10 GB on disk, with the kernel only making up ~100MB of that, there is a lot of software stack to go around.

Karl P
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

15 New Things Your iPhone Can Do in iOS 18

18 New Things Your iPhone Can Do in iOS 18.1

Monday October 21, 2024 1:44 am PDT by
Apple is expected to release iOS 18.1 on Monday, October 28, bringing the first set of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update marks the first significant step forward in Apple's AI integration, offering a new Siri contextually-aware experience and a range of additional capabilities powered by on-device machine learning and large language models. There are a ...
Read Full Article43 comments
Tim Cook Vision Pro

Tim Cook Admits Truth About Vision Pro Following Lackluster Sales

Monday October 21, 2024 8:21 am PDT by
The Wall Street Journal's Ben Cohen this summer interviewed Apple CEO Tim Cook about the Vision Pro, innovation, Apple Intelligence, and more. Image Credit: Vanity Fair Cook admitted that the Vision Pro headset is not a mass-market product due to its high price. "At $3,500, it's not a mass-market product," said Cook. "Right now, it's an early-adopter product. People who want to have...
Read Full Article213 comments
airpods pro 2 pink

Apple Releases New AirPods Pro, AirPods, and AirPods Max Firmware

Tuesday October 22, 2024 11:39 am PDT by
Apple today released a new firmware update for the original AirPods Pro, the AirPods 2, the AirPods 3, and the Lightning version of the AirPods Max headphones. The new firmware is version 6F21, up from the prior 6A326 firmware that these devices were previously running. There is no word on what's included in the firmware, but given that these are all older models, it is likely that the new...
Read Full Article63 comments
apple vision pro orange

Report: Apple May Stop Producing Vision Pro by the End of 2024

Wednesday October 23, 2024 6:11 am PDT by
Apple has abruptly reduced production of the Vision Pro headset and could stop making the current version of the device completely by the end of 2024, The Information reports. Citing multiple people "directly involved" in making components for the headset, the report says that the scaling back of production began in the early summer. This indicates that Apple now has a sufficient number of...
Read Full Article296 comments
M4 Mac mini Silver Perspective

5 Reasons to Get Excited About the New Mac Mini

Wednesday October 23, 2024 6:55 am PDT by
Apple's Mac mini has long been a powerhouse in a compact form, offering impressive performance in a small package. With rumors swirling about a completely overhauled new model that is likely just days away from being announced, anticipation is building for what Apple has in store. From enhanced connectivity to major hardware upgrades, the upcoming Mac mini promises to bring significant...
Read Full Article202 comments
M4 Mac mini Ortho Black Cooler

Gurman: 'M4 Mac Launch' is 'Next Week'

Tuesday October 22, 2024 10:29 am PDT by
Just a few hours after claiming that the first Macs with M4 chips are launching "very soon," Bloomberg's Mark Gurman has followed up with a slightly more specific timeframe. In his latest social media post today, he said an "M4 Mac launch" is on Apple's schedule for next week, but he did not mention a specific day. A concept of a smaller Mac mini with front-facing USB-C ports "Busy week for...
Read Full Article123 comments
m3 mbp space black

Gurman: New MacBook Pro, iMac, and Mac Mini Models With M4 Chips Launching 'Very Soon'

Tuesday October 22, 2024 7:11 am PDT by
Apple is planning to launch its first Macs with the M4 series of chips "very soon," according to Bloomberg's Mark Gurman. In a social media post today, Gurman said these Macs will include new MacBook Pro, iMac, and Mac mini models specifically. He continues to expect the next Mac mini to feature a "revamped" design, in line with his previous reporting that said the new model will be nearly...
Read Full Article70 comments
mac magic keyboard

Apple Working on New Magic Mouse 2, Magic Trackpad 2 and Magic Keyboard

Monday October 21, 2024 10:59 am PDT by
Apple may soon release new versions of the Magic Mouse, Magic Keyboard, and Magic Trackpad, according to code found in the iOS 18.1 release candidate by MacRumors contributor Aaron Perris. There are references to a new Magic Mouse 2, Magic Trackpad 2, and several Magic Keyboards, which would include versions with Touch ID and number pads, as well as models without. While there is no...
Read Full Article224 comments
airpods pro 2 hearing aids

Apple Confirms AirPods Pro 2 Hearing Features Launching in iOS 18.1 Next Week

Monday October 21, 2024 5:32 am PDT by
Apple will release iOS 18.1 next week, introducing a suite of advanced hearing health capabilities to the AirPods Pro 2 and the first Apple Intelligence features. The timing of the update was confirmed by reviewers who were given early access to the AirPods Pro 2's new hearing health features, which are now known to be included in the update. The update will include three core features:...
Read Full Article79 comments
Whatsapp Feature

WhatsApp for iOS Gets New Home Screen Widget for Chats, Camera Updates

Monday October 21, 2024 2:37 pm PDT by
Popular messaging app WhatsApp was today updated to add a new Home Screen widget that's specific to chats. The widget is available on the iPhone after updating to version 24.21.81, which came out this afternoon. After updating the widget can be added to the Home Screen using the Edit interface. Users can choose from Recents, Favorites, Pinned, or Frequently Contacted to get quick access to...
Read Full Article29 comments