The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.
Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.
Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.
Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.
The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.
Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.
39 comments
Apple CEO Tim Cook and President Donald Trump this afternoon visited the Texas facility where Apple plans to manufacture some new Mac Pro models, and during the visit, Cook spoke with ABC News about...
Upcoming Apple TV+ film "The Banker" was set to have its world premiere at the AFI Fest in Hollywood on Thursday, but its debut has been postponed by Apple, reports Deadline.
Apple is...
Apple this afternoon shared a new featurette video that delves into the world creation for Apple TV+ show "For All Mankind."
"For All Mankind" imagines what the world might have...
Apple today announced that it has overhauled its Everyone Can Code curriculum to bring it to more elementary and middle school students around the world.
The new curriculum includes more...
Apple today launched new battery cases for the iPhone 11, iPhone 11 Pro, and iPhone 11 Pro Max, with the new cases available for $129.
This year's Smart Battery Cases are similar in...
Apple today seeded the third betas of upcoming iOS and iPadOS 13.3 updates to developers, one week after seeding second betas and three weeks after the release of iOS 13.2 and iPadOS 13.2 with new...
Apple today updated its website to introduce the 2019 holiday gift guide, something that the company debuts every year ahead of the winter holidays.
The gift guide is designed to recommend Apple...
As part of an antitrust probe, the U.S. House Judiciary Committee sent a letter to Apple in September with questions about its policies for the App Store, product repairs, and more. Apple has since...
