Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017

The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.


In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.
Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.



Top Rated Comments

(View all)
Avatar
1 week ago
These people are pretty smart. Gotta say.
Rating: 6 Votes
Avatar
1 week ago

So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?

It's a yearly competition, and the entire point is to find, disclose, and get these types of exploits closed. Note that they almost always spend months pre-planning (so avoid those "____ hacked in 30 seconds!" clickbait headlines) and it takes several combined exploits to get the results they want....as well as hands on with the computer.
Rating: 3 Votes
Avatar
1 week ago

So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?

Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
Rating: 3 Votes
Avatar
1 week ago

Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.


Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
Rating: 2 Votes
Avatar
1 week ago

It's amazing how much faith and reliance we put into computers , with little to no idea how fragile the whole thing really is

And we must wake up from that false sense of security. After all the other huge problems we face as a species, solar CMEs or Coronal Mass Ejections ('https://wattsupwiththat.com/2017/02/01/still-far-more-worrisome-than-global-warming-solar-coronal-mass-ejections/'), is what we should prepare for most urgently. One massive outburst, which we are supposedly due for, and it could be curtains for our civilization as we currently know it.

We could potentially be back to the stone age, as much of our silicon is vulnerable and could be rendered crippled. In the extreme it could mean no more functioning government, emergency services, hospitals, food production, etc. Back to anarchy, every man for himself and survival of the fittest, which won't be very long without food and potable water. One alarming estimate I read predicted the perishing of 90% of the population within 6-9 months.

Can we imagine a world without computers, even for 6 mos to a year? Truly a scenario too horrific to contemplate, but the good news is we can prepare for it ('https://phys.org/news/2016-04-solar-storm-big-urgency.html') by protecting and shielding essential computing equipment, and such preparations can't come soon enough.
Rating: 1 Votes
Avatar
1 week ago
Really cool work. I am fascinated at how they do such stuff. I have no idea on how you'd even start.
Rating: 1 Votes
Avatar
6 days ago at 10:42 am

I was always under the impression Mac has enjoyed many years of very little exposure in terms of exploits or viruses mainly because hackers focused on the big fish like Microsoft. Microsoft's OS is used for business all over the world. As MacOS gains in popularity so will the number of hacks, viruses, and malware. Just a matter of time.


And while I'm purely speculating, the size of the Microsoft target is such that, perhaps, the prize money offered is insufficient - better to keep selling exploits on the black market. Leaving the public relations value aside ("Windows exploit? Ho hum!"), a target ten times the size justifies ten times the prize.
[doublepost=1489773007][/doublepost]

Apple representatives have attended the Pwn2Own contest in the past?? That's interesting. If it were my company I'd want someone at EVERY ONE of these kinds of contests.


This is standard news reportage. Unless you can report, as a fact, that Apple sends someone to "EVERY ONE of these kinds of contests," you fall back upon what you know is true.

It's highly likely that Apple does dispatch staff to every one of these kinds of contests. In addition to uncovering exploits, they'd seem to be pretty good places for recruiting talent, keeping in touch with the movers and shakers, etc. But "highly likely" is not provable fact, and chances are, due to the nature of travel, even if Apple dispatched staff to every such event, it doesn't mean they always arrived.
Rating: 1 Votes
[ Read All Comments ]