The 19th annual CanSecWest security conference is underway in Vancouver, Canada, including the annual Pwn2Own hacking contest, and two zero-day security vulnerabilities have so far been discovered in Safari on macOS.

The contest kicked off on Wednesday with security researchers Amat Cama and Richard Zhu teaming up against Safari. The duo successfully exploited the browser and escaped the sandbox by using a combination of an integer overflow, heap overflow, and brute force technique, earning them $55,000.

Later in the day, a trio of Niklas Baumstark, Luca Todesco, and Bruno Keith targeted Safari with a kernel elevation. They demonstrated a complete system compromise, but it was only a partial win since Apple supposedly already knew of one of the bugs used in the demo. They still netted $45,000.


In total, participants were awarded $240,000 on day one of Pwn2Own. Day two of the contest is currently underway. All exploits discovered during the contest are reported to the affected vendors, such as Apple, so they can be patched.

Top Rated Comments

keysofanxiety
89 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
You know these "kids" do this for a living and the entire purpose of the contest – the whole reason it's there – is to find vulnerabilities in software? Be that from Apple, Google, Microsoft, or applications like VMware and VirtualBox...

Also, they get paid for it. Quite a lot.

Good grief indeed.
Score: 17 Votes
M.PaulCezanne
89 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
Score: 12 Votes
Peepo
89 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
These are not kids. They probably make more money doing this instead of working for a company like Apple.
Score: 10 Votes
69Mustang
89 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
What these guys do - (intentionally hunting vulnerabilities) - and what that kid did regarding FaceTime - (accidentally stumbled upon a vulnerability) - are not the same thing. Most of them are already gainfully employed.
Score: 5 Votes
69Mustang
89 months ago
but at least in the past they were using older versions of Apple's software, especially older versions of Safari, and the tricks they pulled couldn't be replicated in current versions.
so I would be curious to see deets on what they were actually trying to hack

also how many of these tricks could actually be performed IRL. can they remotely access my computer etc. or do they need access to my actual computer to target me.
I don't think that's right. Afaik, Pwn2Own has always required the most up to date versions of software to be running on systems. Again, afaik. Also, these aren't really tricks. There are different categories of devices they're trying to defeat. One that may be relevant to your IRL query is the attempt against Tesla that's happening today.

Direct info: https://www.thezdi.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more
Score: 2 Votes
Analog Kid
89 months ago
I know the threat environment is changing, and the systems are getting more complex, and Apple is under more scrutiny than ever before, but it still feels like Apple's security cred is slipping.

I appreciate all of the work they're doing on privacy, but in this world these kinds of attacks are the biggest threats to privacy. They really need to keep security as a top priority.

Also: I appreciate the structure of this event. Hack like crazy and keep the companies in the loop.
Score: 1 Votes
