The sixteenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop.

Safari-OS-X
On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and Safari. Lee uncovered four vulnerabilities in total, including one exploit in Safari and three other vulnerabilities within the OS X operating system, according to security firm Trend Micro.

JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.

Meanwhile, the report claims that the Tencent Security Team Shield group successfully executed code that enabled them to gain root privileges to Safari using "two use-after-free vulnerabilities," including one in Safari and the other in a "privileged process." The researchers were awarded $40,000 in prize money.

The five participating teams earned a total of $282,500 in prizes on day one, including a leading $132,500 earned by the 360Vulcan Team, according to the report. Other web browsers and plugins that were successfully targeted include Adobe Flash, Google Chrome, and Microsoft Edge on Windows.


Apple representatives have attended Pwn2Own in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two began today at 9:00 a.m. Pacific and will involve additional exploit attempts against OS X and Safari.

Top Rated Comments

zorinlynx Avatar
67 months ago
This is a reminder of the reason why, even though you have a Mac, you should be careful about browsing shady websites.

Every system is exploitable, even one with a good track record like OS X. Be careful where you browse. Stay up to date on updates. This is also why I'm angered by websites that force you to turn off ad blockers; ad networks are the #1 source of malware there is.
Score: 24 Votes (Like | Disagree)
thederby Avatar
67 months ago
$60,000 for one day's work....I think I need to change jobs.
this is more than one day's work.
Score: 19 Votes (Like | Disagree)
'Dorian Avatar
67 months ago
This is a reminder of the reason why, even though you have a Mac, you should be careful about browsing shady websites.

Every system is exploitable, even one with a good track record like OS X. Be careful where you browse. Stay up to date on updates. This is also why I'm angered by websites that force you to turn off ad blockers; ad networks are the #1 source of malware there is.
Ad blockers like Adblock still allow non-intrusive and non-malicious ads. If a website makes you turn off Adblock, you might have to wonder why.

I wonder if Apple could use this in their FBI case. "Um guys... you want us to create a back door, there's contests that reward people for breaking the code. Imagine if they KNEW there was a back door and they just needed to find it."
Score: 9 Votes (Like | Disagree)
Goatllama Avatar
67 months ago
"Attempts to compromise Adobe Flash player were confounded when its doors were found to be completely open..." ;)
Score: 8 Votes (Like | Disagree)
T Coma Avatar
67 months ago
$60,000 for one day's work.
And 10 Master of Pwn points!!!
Score: 6 Votes (Like | Disagree)
2457282 Avatar
67 months ago
Was the FBI in attendance taking notes?
Score: 4 Votes (Like | Disagree)

Top Stories

prosser macbook air colors stacked

Images Reveal Colorful New MacBook Air Design

Tuesday May 11, 2021 5:06 am PDT by
Apple's next MacBook Air will feature a completely new design and come in a range of colors like the 24-inch iMac, according to leaker Jon Prosser, who has now released supposedly accurate renders of the new machines based on leaked images. In a new video uploaded to YouTube channel Front Page Tech, Prosser elaborated on his previous prediction that Apple's next-generation MacBook Air models ...
iPhone 13 Camera Backs

iPhone 13 Models Will Be Slightly Thicker and Will Have Larger Camera Bumps

Monday May 10, 2021 10:41 am PDT by
Apple's upcoming iPhone 13 models will be slightly thicker than the iPhone 12 models and will also feature larger, thicker camera bumps with lenses that protrude less, according to iPhone 13 schematics seen by MacRumors. The new iPhone 13 and 13 Pro models are expected to feature a thickness of 7.57mm, up from 7.4mm in the iPhone 12 models. That's an increase of 0.17mm, which won't be hugely ...
m1 ipad pro chip

M1 iPad Pro Over 50% Faster Than Previous Generation in Early Benchmarks

Tuesday May 11, 2021 11:56 am PDT by
Last month, Apple introduced a new iPad Pro with the same M1 chip found in the latest Macs, and early benchmark results indicate that the M1 iPad Pro is over 50% faster than the previous-generation iPad Pro. Based on five legitimate Geekbench 5 results (here's the fifth) for the fifth-generation 12.9-inch iPad Pro with the M1 chip, the device has average single-core and multi-core scores of...
3d printed airtag case siri remote

3D-Printed Case Lets You Attach an AirTag to Your Apple TV Remote

Monday May 10, 2021 8:11 am PDT by
Apple recently released a redesigned Siri Remote with a physical clickpad, but if you have an original Siri Remote laying around that you still plan on using, you may be interested in getting an AirTag case for the remote. Etsy user PrintSpiredDesigns has capitalized on the opportunity with a new 3D printed, made-to-order AirTag case for the original Siri Remote. The remote slides into the...
airtag hacked

AirTag Successfully Hacked to Show Custom URL in Lost Mode

Monday May 10, 2021 1:52 am PDT by
The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware. Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph— stacksmashing ...
iPad Pro Feature

Early M1 iPad Pro Orders Now Preparing to Ship

Tuesday May 11, 2021 9:41 am PDT by
Apple will soon ship out 11 and 12.9-inch M1 iPad Pro models, according to multiple Twitter users and MacRumors readers who have seen their orders shift to "Preparing to Ship" status. So far, we haven't seen any shipment notifications, but that's the next step and is likely to happen in the near future. Apple has not provided an exact delivery date to those who ordered a new M1 iPad Pro, but ...
maxresdefault

Video: Make Your iPhone Last Longer With These Battery Preserving Tips

Monday May 10, 2021 1:23 pm PDT by
Maximizing battery life is something that many iPhone users deal with on a regular basis as we all want our iPhones to last as long as possible. Sometimes there are bugs in iOS that make the battery drain faster, and sometimes we just need to eke out as much as possible on a long day out and about. Subscribe to the MacRumors YouTube channel for more videos. In our latest YouTube video, MacRumo...
Apple 5G Modem Feature

Kuo: Apple-Designed 5G Modem May Debut in iPhones as Early as 2023

Sunday May 9, 2021 10:02 pm PDT by
Apple plans to adopt its own custom-designed 5G baseband chip starting with the 2023 iPhones, meaning it'll no longer need to rely on Qualcomm to supply the 5G cellular modem for the iPhone, Apple analyst Ming-Chi Kuo said today in an investors note obtained by MacRumors. According to Kuo, Apple plans to include its own custom-designed 5G baseband chip starting with the launch of the 2023...
tracking disabled ios 14 5

Analytics Suggest 96% of Users Leave App Tracking Disabled in iOS 14.5

Friday May 7, 2021 1:51 am PDT by
An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device...
macos big sur ios 14 iphone 12 pro macbook air icloud drive desktop documents hero

Apple Merging 'iCloud Documents and Data' Service With iCloud Drive in May 2022

Tuesday May 11, 2021 2:36 am PDT by
Apple plans to merge its iCloud Documents and Data service with iCloud Drive starting in May of 2022, according to a support document published late last week (via MacGeneration). iCloud Drive and iCloud Documents and Data share the fundamental ability to backup data from apps. However, iCloud Documents and Data was often a cumbersome, confusing experience. In contrast, iCloud Drive is more...