safariicon.jpgEvery year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple's Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe's Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.

China's Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple's sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple's OS X is difficult to exploit and the operating system overall is very secure.

"For Apple, the OS is regarded as very safe and has a very good security architecture," Keen team member Liang Chen said. "Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn't the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.

Top Rated Comments

nt5672 Avatar
103 months ago
Public awareness of security flaws is the best way to ensure the security of our devices. Thank you Chinese security team.
Score: 18 Votes (Like | Disagree)
leman Avatar
103 months ago
The most secure OS maybe FreeBSD or Linux.
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.
Score: 9 Votes (Like | Disagree)
thaifood Avatar
103 months ago
I wonder if the hacker praise is real or just polite words. Hopefully, we will see a Safari update soon.

I'm sure there is professional praise. Plus it's essentially free debug testing for the companies participating.
Score: 7 Votes (Like | Disagree)
BigBeast Avatar
103 months ago
[...]if I understood correctly you would have to use both to really get control.

I would guess that if the second vulnerability circumvents sandboxing, that it should be the first fix. Webkit vulnerabilities are almost inevitable; that's why sandboxing exists. If sandboxing doesn't catch the threat or is bypassed, that's a greater weakness.
Score: 5 Votes (Like | Disagree)
2457282 Avatar
103 months ago
The article also said the team felt that Safari was more secure than other platforms. I am no expert but it does look like at least one is simple to fix and if I understood correctly you would have to use both to really get control. So if they fix either it would solve the problem.

Having said all that, if this is the most secure, the others have some really big problems.
Score: 4 Votes (Like | Disagree)
iamkarlp Avatar
103 months ago
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.

Indeed. And with the average GUI linux install being anywhere between 3~10 GB on disk, with the kernel only making up ~100MB of that, there is a lot of software stack to go around.

Karl P
Score: 3 Votes (Like | Disagree)

Popular Stories

airpodsinear 1

AirPods Save Woman's Life With Feature Everyone Should Know

Friday January 21, 2022 2:13 am PST by
Apple's AirPods have been credited with saving a woman's life after a potentially fatal fall, People reports. When a 60-year-old florist in New Jersey tripped and hit her head in her studio, she lost consciousness and awoke heavily bleeding. With nobody around to call for help, she realized she had her AirPods in, and used a "Hey Siri" command to call 911. An operator was able to stay on the ...
Upcoming Products 2022 Feature

Gurman: Apple Preparing 'Widest Array of New Hardware Products in Its History' for Fall

Sunday January 23, 2022 10:32 am PST by
Apple is working on a number of new products that are set to launch this fall, and Bloomberg's Mark Gurman says that it will be "the widest array" of new devices that Apple has introduced in its history. In his latest "Power On" newsletter, Gurman explains that Apple is working on four new flagship iPhones (iPhone 14, iPhone 14 Max, iPhone 14 Pro, and iPhone 14 Pro Max), an updated low-end Ma...
Questionable Design Decisions

Apple's Most Questionable Design Decisions in Recent Memory

Sunday January 23, 2022 2:59 am PST by
Apple has always emphasized the depth of thought that goes into the design of its products. In the foreword to Designed by Apple in California, a photo book released by the company in 2016, Jony Ive explains how Apple strives "to define objects that appear effortless" and "so simple, coherent and inevitable that there could be no rational alternative." But every once in a while even Apple...
top stories 2022jan22

Top Stories: Spring Apple Event Rumors, Apple Opposes Sideloading, and More

Saturday January 22, 2022 6:00 am PST by
As we roll into the latter half of January, we're starting to hear more about a potential spring Apple event, which is likely to take place in March or April. There are a number of potential announcements on deck, so an event would be a good opportunity for Apple to get them all out there. We've also been going back and forth on some iPhone 14 rumors, and we've taken a look at a number of...
att gigabit internet

AT&T Bringing $180/Month 5-Gigabit Internet to 70 Cities

Monday January 24, 2022 9:20 am PST by
AT&T today announced the launch of upgraded AT&T Fiber plans, which support speeds of up to 5 Gigabits for some customers. There are two separate plans, one "2 GIG" plan and one "5 GIG" plan, available to new and existing AT&T Fiber subscribers. According to AT&T, the new plans are available to nearly 5.2 million customers across 70 metro areas including Los Angeles, Atlanta, Chicago, San...
macbook pro 14 16 2021

Three Months After Launch, Apple Still Struggling to Meet Demand for Redesigned 14-Inch and 16-Inch MacBook Pro

Monday January 24, 2022 7:12 am PST by
Three months after their launch, the 14-inch and 16-inch MacBook Pros continue to experience high demand and seemingly short supply, with shipping dates for both models stretching into multiple weeks in several of Apple's key markets. In the United States, the baseline 14-inch MacBook Pro with the M1 Pro chip is estimated to ship in three to four weeks, promising an arrival by at least...
peloton tv workout cardio

Apple Floated as Potential Buyer of Peloton

Friday January 21, 2022 6:11 am PST by
Following months of bleak news about Peloton's "precarious state," including the revelation that it has halted production of its bikes and treadmills, Apple is being floated as a potential buyer of Peloton's troubled fitness business. Yesterday, CNBC reported that Peloton will temporarily stop production of its connected fitness products due to a "significant reduction" in consumer demand, a ...
Spring 2022 Apple Products Feature

New iPad Air, Macs, and iPhone SE With 5G Likely to Be Announced at Apple Event This Spring

Thursday January 20, 2022 8:32 am PST by
Earlier this week, Bloomberg's Mark Gurman tweeted that Apple "will be holding a spring event" to announce a new iPhone SE and other hardware. In a recent edition of his newsletter, Gurman said the event is likely to occur in March or April. Gurman did not elaborate on what "other hardware" will be announced at Apple's purported spring event, but rumors suggest at least four products are...