The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.
Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.
Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.
Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.
The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.
Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.
39 comments
During today's earnings call covering the first fiscal quarter of 2020, Apple CEO Tim Cook was asked about 5G, and how much of a demand driver it might be for Apple.
Cook of course said...
During today's earnings call, Apple CEO Tim Cook commented on the coronavirus outbreak in China, which investors fear could potentially impact Apple's business, affecting production of both...
Following poor iPhone sales in the first quarter of 2019, Apple saw significant improvement in the first quarter of 2020, with iPhone sales bringing in $56 billion in revenue for 8 percent...
During the first quarter of 2020, Apple's wearables category set a new all-time revenue record, according to Apple CEO Tim Cook.
Apple's wearables earnings category, which includes...
Apple today announced financial results for its first fiscal quarter of 2020, which corresponds to the fourth calendar quarter of 2019.
For the quarter, Apple posted revenue of $91.8 billion...
iOS 13 is now installed on 77 percent of iPhones that were released in the last four years, according to updated adoption numbers that Apple shared today on its App Store support site for...
When Apple's latest iPhones were introduced in September, Filmic, known for its video recording apps, showed off a new app designed to capture video from multiple iPhone cameras at the same time,...
Signs of new Powerbeats 4 wireless earphones were found in the iOS 13.3 beta back in December, and in today's iOS 13.3.1 software release, there are a few icons that depict the design of the new...
