safariicon.jpgEvery year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple's Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe's Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.

China's Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple's sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple's OS X is difficult to exploit and the operating system overall is very secure.

"For Apple, the OS is regarded as very safe and has a very good security architecture," Keen team member Liang Chen said. "Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn't the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.

Top Rated Comments

nt5672 Avatar
135 months ago
Public awareness of security flaws is the best way to ensure the security of our devices. Thank you Chinese security team.
Score: 18 Votes (Like | Disagree)
leman Avatar
135 months ago
The most secure OS maybe FreeBSD or Linux.
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.
Score: 9 Votes (Like | Disagree)
thaifood Avatar
135 months ago
I wonder if the hacker praise is real or just polite words. Hopefully, we will see a Safari update soon.

I'm sure there is professional praise. Plus it's essentially free debug testing for the companies participating.
Score: 7 Votes (Like | Disagree)
BigBeast Avatar
135 months ago
[...]if I understood correctly you would have to use both to really get control.

I would guess that if the second vulnerability circumvents sandboxing, that it should be the first fix. Webkit vulnerabilities are almost inevitable; that's why sandboxing exists. If sandboxing doesn't catch the threat or is bypassed, that's a greater weakness.
Score: 5 Votes (Like | Disagree)
2457282 Avatar
135 months ago
The article also said the team felt that Safari was more secure than other platforms. I am no expert but it does look like at least one is simple to fix and if I understood correctly you would have to use both to really get control. So if they fix either it would solve the problem.

Having said all that, if this is the most secure, the others have some really big problems.
Score: 4 Votes (Like | Disagree)
iamkarlp Avatar
135 months ago
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.

Indeed. And with the average GUI linux install being anywhere between 3~10 GB on disk, with the kernel only making up ~100MB of that, there is a lot of software stack to go around.

Karl P
Score: 3 Votes (Like | Disagree)

Popular Stories

iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Apple TV Plus Feature 2 Magenta and Blue

Apple TV+ Curbs Costs After Expensive Projects Fail to Capture Viewers

Monday July 22, 2024 5:11 am PDT by
Apple is scaling back its Hollywood spending after investing over $20 billion in original programming with limited success, Bloomberg reports. This shift comes after the streaming service, which launched in 2019, struggled to capture a significant share of the market, accounting for only 0.2% of TV viewership in the U.S., compared to Netflix's 8%. Despite heavy investment, critical acclaim,...
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
iPhone 17 Plus Feature Purple

These 5 Features Will Make the iPhone 17 the Biggest Update in Years

Monday July 22, 2024 4:02 pm PDT by
The upcoming iPhone 16 models that we're expecting to see in September are going to be quite similar to the iPhone 15 models, but rumors suggest that Apple is making big changes in 2025. We've been hearing hints of an all-new device in the iPhone lineup, and it may be the most expensive iPhone Apple has offered to date. New 'Slim' Design Rumors have taken to referring to the new iPhone 17...
iPhone SE 4 Thumb 1

iPhone SE 4 Rumored to Launch Early Next Year With OLED Display, 48MP Camera, and More

Monday July 22, 2024 7:22 am PDT by
The fourth-generation iPhone SE will offer a series of major upgrades over the current model, the leaker known as "Ice Universe" claims. The information was listed in a post on Weibo, which also detailed the specifications of the iPhone 17 lineup. As previously rumored, the fourth-generation iPhone SE is expected to feature Face ID and USB-C, marking a major upgrade from current and previous ...
bsod

Microsoft Blames European Commission for Major Worldwide Outage

Monday July 22, 2024 11:55 am PDT by
Last Friday, a major CrowdStrike outage impacted PCs running Microsoft Windows, causing worldwide issues affecting airlines, retailers, banks, hospitals, rail networks, and more. Computers were stuck in continuous recovery loops, rendering them unusable. The failure was caused by an update to the CrowdStrike Falcon antivirus software that auto-installed on Windows 10 PCs, but Mac and Linux...