The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.

C6 w vqU8AA hjw

In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.

Tags: Apple Security, Exploit, macOS, Pwn2Own, Safari, Security

Top Rated Comments

Kabeyun Avatar
Kabeyun
115 months ago
These people are pretty smart. Gotta say.
Score: 6 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
115 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
Score: 3 Votes (Like | Disagree)
NT1440 Avatar
NT1440
115 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
It's a yearly competition, and the entire point is to find, disclose, and get these types of exploits closed. Note that they almost always spend months pre-planning (so avoid those "____ hacked in 30 seconds!" clickbait headlines) and it takes several combined exploits to get the results they want....as well as hands on with the computer.
Score: 3 Votes (Like | Disagree)
2457244 Avatar
2457244
115 months ago
Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
Score: 2 Votes (Like | Disagree)
ApfelKuchen Avatar
ApfelKuchen
115 months ago
I was always under the impression Mac has enjoyed many years of very little exposure in terms of exploits or viruses mainly because hackers focused on the big fish like Microsoft. Microsoft's OS is used for business all over the world. As MacOS gains in popularity so will the number of hacks, viruses, and malware. Just a matter of time.
And while I'm purely speculating, the size of the Microsoft target is such that, perhaps, the prize money offered is insufficient - better to keep selling exploits on the black market. Leaving the public relations value aside ("Windows exploit? Ho hum!"), a target ten times the size justifies ten times the prize.
[doublepost=1489773007][/doublepost]
Apple representatives have attended the Pwn2Own contest in the past?? That's interesting. If it were my company I'd want someone at EVERY ONE of these kinds of contests.
This is standard news reportage. Unless you can report, as a fact, that Apple sends someone to "EVERY ONE of these kinds of contests," you fall back upon what you know is true.

It's highly likely that Apple does dispatch staff to every one of these kinds of contests. In addition to uncovering exploits, they'd seem to be pretty good places for recruiting talent, keeping in touch with the movers and shakers, etc. But "highly likely" is not provable fact, and chances are, due to the nature of travel, even if Apple dispatched staff to every such event, it doesn't mean they always arrived.
Score: 1 Votes (Like | Disagree)
joy.757 Avatar
joy.757
115 months ago
Really cool work. I am fascinated at how they do such stuff. I have no idea on how you'd even start.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iphone 17 models

No iPhone 18 Launch This Year, Reports Suggest

Thursday January 1, 2026 8:43 am PST by
Apple is not expected to release a standard iPhone 18 model this year, according to a growing number of reports that suggest the company is planning a significant change to its long-standing annual iPhone launch cycle. Despite the immense success of the iPhone 17 in 2025, the iPhone 18 is not expected to arrive until the spring of 2027, leaving the iPhone 17 in the lineup as the latest...
Read Full Article116 comments
duolingo ad live activity

Duolingo Used iPhone's Dynamic Island to Display Ads, Violating Apple Design Guidelines

Friday January 2, 2026 1:36 pm PST by
Language learning app Duolingo has apparently been using the iPhone's Live Activity feature to display ads on the Lock Screen and the Dynamic Island, which violates Apple's design guidelines. According to multiple reports on Reddit, the Duolingo app has been displaying an ad for a "Super offer," which is Duolingo's paid subscription option. Apple's guidelines for Live Activity state that...
Read Full Article104 comments
Clicks Communicator Feature

'Clicks Communicator' Unveiled — Will You Carry This With Your iPhone?

Friday January 2, 2026 6:35 am PST by
The company behind the BlackBerry-like Clicks Keyboard accessory for the iPhone today unveiled a new Android 16 smartphone called the Clicks Communicator. The purpose-built device is designed to be used as a second phone alongside your iPhone, with the intended focus being communication over content consumption. It runs a custom Android launcher that offers a curated selection of messaging...
Read Full Article185 comments
Low Cost MacBook Feature A18 Pro

Low-Price 12.9-Inch MacBook With A18 Pro Chip Reportedly Launching Early This Year

Friday January 2, 2026 9:08 am PST by
Apple plans to introduce a 12.9-inch MacBook in spring 2026, according to TrendForce. In a press release this week, the Taiwanese research firm said this MacBook will be aimed at the entry-level to mid-range market, with "competitive pricing." TrendForce did not share any further details about this MacBook, but the information that it shared lines up with several rumors about a more...
Read Full Article181 comments
Low Cost A18 Pro MacBook Feature Pink

Apple's 2026 Low-Cost A18 Pro MacBook: What We Know So Far

Friday January 2, 2026 4:33 pm PST by
Apple is planning to release a low-cost MacBook in 2026, which will apparently compete with more affordable Chromebooks and Windows PCs. Apple's most affordable Mac right now is the $999 MacBook Air, and the upcoming low-cost MacBook is expected to be cheaper. Here's what we know about the low-cost MacBook so far. Size Rumors suggest the low-cost MacBook will have a display that's around 13 ...
Read Full Article137 comments
Apple Fitness Plus hero

Apple Announces New Fitness+ Workout Programs, Strava Challenge, and More

Friday January 2, 2026 6:43 am PST by
Apple today announced a number of updates to Apple Fitness+ and activity with the Apple Watch. The key announcements include: New Year limited-edition award: Users can win the award by closing all three Activity Rings for seven days in a row in January. "Quit Quitting" Strava challenge: Available in Strava throughout January, users who log 12 workouts anytime in the month will win an ...
Read Full Article64 comments
govee floor lamp

CES 2026: Govee Announces New Matter-Connected Ceiling and Floor Lights

Sunday January 4, 2026 5:00 am PST by
Govee today introduced three new HomeKit-compatible lighting products, including the Govee Floor Lamp 3, the Govee Ceiling Light Ultra, and the Govee Sky Ceiling Light. The Govee Floor Lamp 3 is the successor to the Floor Lamp 2, and it offers Matter integration with the option to connect to HomeKit. The Floor Lamp 3 offers an upgraded LuminBlend+ lighting system that can reproduce 281...
Read Full Article44 comments
airpods pro 3 glitter

AirPods New Year's Deals Include Up to $99 Off AirPods Max, AirPods Pro 3, and AirPods 4

Sunday January 4, 2026 8:04 am PST by
Now that the calendar has flipped over into January, steep discounts on popular Apple products have become more rare after the holidays. However, if you didn't get a new pair of AirPods recently and are looking for a model on sale, Amazon does have a few solid second-best prices this week. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
Read Full Article8 comments