The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.

C6 w vqU8AA hjw

In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.

Tags: Apple Security, Exploit, macOS, Pwn2Own, Safari, Security

Top Rated Comments

Kabeyun Avatar
Kabeyun
113 months ago
These people are pretty smart. Gotta say.
Score: 6 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
113 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
Score: 3 Votes (Like | Disagree)
NT1440 Avatar
NT1440
113 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
It's a yearly competition, and the entire point is to find, disclose, and get these types of exploits closed. Note that they almost always spend months pre-planning (so avoid those "____ hacked in 30 seconds!" clickbait headlines) and it takes several combined exploits to get the results they want....as well as hands on with the computer.
Score: 3 Votes (Like | Disagree)
2457244 Avatar
2457244
113 months ago
Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
Score: 2 Votes (Like | Disagree)
ApfelKuchen Avatar
ApfelKuchen
113 months ago
I was always under the impression Mac has enjoyed many years of very little exposure in terms of exploits or viruses mainly because hackers focused on the big fish like Microsoft. Microsoft's OS is used for business all over the world. As MacOS gains in popularity so will the number of hacks, viruses, and malware. Just a matter of time.
And while I'm purely speculating, the size of the Microsoft target is such that, perhaps, the prize money offered is insufficient - better to keep selling exploits on the black market. Leaving the public relations value aside ("Windows exploit? Ho hum!"), a target ten times the size justifies ten times the prize.
[doublepost=1489773007][/doublepost]
Apple representatives have attended the Pwn2Own contest in the past?? That's interesting. If it were my company I'd want someone at EVERY ONE of these kinds of contests.
This is standard news reportage. Unless you can report, as a fact, that Apple sends someone to "EVERY ONE of these kinds of contests," you fall back upon what you know is true.

It's highly likely that Apple does dispatch staff to every one of these kinds of contests. In addition to uncovering exploits, they'd seem to be pretty good places for recruiting talent, keeping in touch with the movers and shakers, etc. But "highly likely" is not provable fact, and chances are, due to the nature of travel, even if Apple dispatched staff to every such event, it doesn't mean they always arrived.
Score: 1 Votes (Like | Disagree)
joy.757 Avatar
joy.757
113 months ago
Really cool work. I am fascinated at how they do such stuff. I have no idea on how you'd even start.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 26

iOS 26.1 Available Now With These 8 New Features

Monday November 3, 2025 5:54 am PST by
Following more than a month of beta testing, Apple released iOS 26.1 on Monday, November 3. The update includes a handful of new features and changes, including the ability to adjust the look of Liquid Glass and more. Below, we outline iOS 26.1's key new features. Liquid Glass Toggle iOS 26.1 lets you choose your preferred look for Liquid Glass. In the Settings app, under Display...
Read Full Article
Finder Siri Feature

Apple's New Siri Will Be Powered By Google Gemini

Wednesday November 5, 2025 11:57 am PST by
The smarter, more capable version of Siri that Apple is developing will be powered by Google Gemini, reports Bloomberg. Apple will pay Google approximately $1 billion per year for a 1.2 trillion parameter artificial intelligence model that was developed by Google. For context, parameters are a measure of how a model understands and responds to queries. More parameters generally means more...
Read Full Article353 comments
2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, iPads, Macs, and More

Thursday November 6, 2025 11:12 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the U.S., according to its website. Maximum values for most devices either decreased or saw no change, but the iPad Air received a slight bump. ...
Read Full Article61 comments
Apple Logo Spotlight

Report: Apple to Launch These New Products in 2026

Sunday November 2, 2025 5:34 am PST by
Apple is planning to launch at least 15 new products in 2026, according to Bloomberg's Mark Gurman. Gurman outlined what to expect from Apple in 2026 in the latest edition of his "Power On" newsletter. He said the company is heading "into one of its most pivotal years in recent memory," with the rollout of major new Apple Intelligence features, intense regulatory pressure on the App Store,...
Read Full Article55 comments
iOS 26

Apple Releases iOS 26.1 With Liquid Glass Toggle, Slide to Stop Alarm, New Apple Intelligence Languages and More

Monday November 3, 2025 1:11 pm PST by
Apple today released iOS 26.1, the first major update to the iOS 26 operating system that came out in September, iOS 26.1 comes over a month after iOS 26 launched. ‌iOS 26‌.1 is compatible with the ‌iPhone‌ 11 series and later, as well as the second-generation ‌iPhone‌ SE. The new software can be downloaded on eligible iPhones over-the-air by going to Settings > General >...
Read Full Article177 comments
Early Black Friday Deals 2

The Best Early Black Friday Apple Deals

Sunday November 2, 2025 10:04 am PST by
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When ...
Read Full Article10 comments
tvOS 26 Feature

Apple Releases tvOS 26.1

Monday November 3, 2025 1:07 pm PST by
Apple today released tvOS 26.1, an update to the tvOS 26 operating system that came out in September. tvOS 26.1 is available on the Apple TV 4K and the Apple TV HD models, but Liquid Glass is only available on the second-generation Apple TV 4K or later. tvOS 26 can be downloaded using the Settings app on the ‌‌Apple TV‌‌. Open up Settings and go to System > Software Update to get the ...
Read Full Article22 comments
apple watch se 3 always on

Apple to Remove iPhone-Apple Watch Wi-Fi Sync in EU With iOS 26.2

Thursday November 6, 2025 4:37 am PST by
Apple in iOS 26.2 will disable automatic Wi-Fi network syncing between iPhone and Apple Watch in the European Union to comply with the bloc's regulations, suggests a new report. Normally, when an iPhone connects to a new Wi-Fi network, it automatically shares the network credentials with the paired Apple Watch. This allows the watch to connect to the same network independently – for...
Read Full Article179 comments