The 19th annual CanSecWest security conference is underway in Vancouver, Canada, including the annual Pwn2Own hacking contest, and two zero-day security vulnerabilities have so far been discovered in Safari on macOS.

The contest kicked off on Wednesday with security researchers Amat Cama and Richard Zhu teaming up against Safari. The duo successfully exploited the browser and escaped the sandbox by using a combination of an integer overflow, heap overflow, and brute force technique, earning them $55,000.

Later in the day, a trio of Niklas Baumstark, Luca Todesco, and Bruno Keith targeted Safari with a kernel elevation. They demonstrated a complete system compromise, but it was only a partial win since Apple supposedly already knew of one of the bugs used in the demo. They still netted $45,000.


In total, participants were awarded $240,000 on day one of Pwn2Own. Day two of the contest is currently underway. All exploits discovered during the contest are reported to the necessary companies like Apple so they can be patched.

Top Rated Comments

keysofanxiety
79 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
You know these "kids" do this for a living and the entire purpose of the contest – the whole reason it's there – is to find vulnerabilities in software? Be that from Apple, Google, Microsoft, or applications like VMWare and VirtualBox...

Also, they get paid for it. Quite a lot.

Good grief indeed.
Score: 17 Votes
M.PaulCezanne
79 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
Score: 12 Votes
Peepo
79 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
These are not kids. They probably make more money doing this instead of working for a company like Apple.
Score: 10 Votes
69Mustang
79 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
What these guys do - (intentionally hunting vulnerabilities) - and what that kid did regarding FaceTime - (accidentally stumbled upon a vulnerability) - are not the same thing. Most of them are already gainfully employed.
Score: 5 Votes
69Mustang
79 months ago
but at least in the past they were using older versions of Apple's software, especially older versions of Safari, and the tricks they pulled couldn't be replicated in current versions.
so I would be curious to see deets on what they were actually trying to hack

also how many of these tricks could actually be performed IRL. can they remotely access my computer etc. or do they need access to my actual computer to target me.
I don't think that's right. Afaik, Pwn2Own has always required the most up to date versions of software to be running on systems. Again, afaik. Also, these aren't really tricks. There are different categories of devices they're trying to defeat. One that may be relevant to your IRL query is the attempt against Tesla that's happening today.

Direct info: https://www.thezdi.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more
Score: 2 Votes
Analog Kid
79 months ago
I know the threat environment is changing, and the systems are getting more complex, and Apple is under more scrutiny than ever before, but it still feels like Apple's security cred is slipping.

I appreciate all of the work they're doing on privacy, but in this world these kinds of attacks are the biggest threats to privacy. They really need to keep security as a top priority.

Also: I appreciate the structure of this event. Hack like crazy and keep the companies in the loop.
Score: 1 Votes
