Two Zero-Day Vulnerabilities Discovered in Safari for Mac on Day One of Pwn2Own Hacking Contest

The 19th annual CanSecWest security conference is underway in Vancouver, Canada, including the annual Pwn2Own hacking contest, and two zero-day security vulnerabilities have so far been discovered in Safari on macOS.


The contest kicked off on Wednesday with security researchers Amat Cama and Richard Zhu teaming up against Safari. The duo successfully exploited the browser and escaped the sandbox by using a combination of an integer overflow, a heap overflow, and a brute-force technique, earning them $55,000.

Later in the day, a trio of Niklas Baumstark, Luca Todesco, and Bruno Keith targeted Safari with a kernel elevation. They demonstrated a complete system compromise, but it was only a partial win since Apple supposedly already knew of one of the bugs used in the demo. They still netted $45,000.


In total, participants were awarded $240,000 on day one of Pwn2Own. Day two of the contest is currently underway. All exploits discovered during the contest are reported to the relevant companies, such as Apple, so they can be patched.



Top Rated Comments

17 weeks ago

Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.


You know these "kids" do this for a living and the entire purpose of the contest – the whole reason it's there – is to find vulnerabilities in software? Be that from Apple, Google, Microsoft, or applications like VMware and VirtualBox...

Also, they get paid for it. Quite a lot.

Good grief indeed.
Rating: 17 Votes
17 weeks ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
Rating: 12 Votes
17 weeks ago

Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.

These are not kids. They probably make more money doing this instead of working for a company like Apple.
Rating: 10 Votes
17 weeks ago

Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.

What these guys do - (intentionally hunting vulnerabilities) - and what that kid did regarding FaceTime - (accidentally stumbled upon a vulnerability) - are not the same thing. Most of them are already gainfully employed.
Rating: 5 Votes
17 weeks ago

but at least in the past they were using older versions of Apple's software, especially older versions of Safari, and the tricks they pulled couldn't be replicated in current versions.
so I would be curious to see deets on what they were actually trying to hack

also how many of these tricks could actually be performed IRL. can they remotely access my computer etc. or do they need access to my actual computer to target me.

I don't think that's right. Afaik, Pwn2Own has always required the most up to date versions of software to be running on systems. Again, afaik. Also, these aren't really tricks. There are different categories of devices they're trying to defeat. One that may be relevant to your IRL query is the attempt against Tesla that's happening today.

Direct info: https://www.thezdi.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more
Rating: 2 Votes
17 weeks ago

Wrong. These are good things. These contests, bug bounties, etc., are designed to help improve software that can’t be perfect. Anyone who knows anything about major software development, including the little I know, knows that.


Seems like every month some kid finds some kid finding an exploit in some software and blames them as if they wrote the code. SO ANNOYING!
Rating: 1 Votes
17 weeks ago
There seem to be some misconceptions about how these researchers work.

They don't just set them down in front of a machine and say "you have 1 hour to break into Safari" and away they go. They aren't "on-demand" hackers who can break into anything on the spot.

They would have spent months looking for vulnerabilities and testing exploits and kept them a secret until the conference. Then they'd demonstrate them (while being timed) and if they are able to replicate their exploit within the time frame they get the prize money.

The idea that you can just hire a few people like this to work at Apple and they'll simply sit down and clear up any exploits in your software is ridiculous.
Rating: 1 Votes
17 weeks ago

Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.

Every other month a kid finds flaws in Microsoft and others' software too. It is the nature of it. The longer it is around the more exploits that will be found. It is impossible for them to release software that is unexploitable.
Rating: 1 Votes
17 weeks ago
The video slays me with the editing as if the vulnerabilities were discovered and execution for using the flaw happens in mere minutes. Sure, after it's already been discovered days, weeks, or months in advance with ample practice. When will it get to this point for a "test".

[MEDIA=youtube]mWqGJ613M5Y[/MEDIA]
Rating: 1 Votes
17 weeks ago
I know the threat environment is changing, and the systems are getting more complex, and Apple is under more scrutiny than ever before, but it still feels like Apple's security cred is slipping.

I appreciate all of the work they're doing on privacy, but in this world these kinds of attacks are the biggest threats to privacy. They really need to keep security as a top priority.

Also: I appreciate the structure of this event. Hack like crazy and keep the companies in the loop.
Rating: 1 Votes