The 19th annual CanSecWest security conference is underway in Vancouver, Canada, including the annual Pwn2Own hacking contest, and two zero-day security vulnerabilities have so far been discovered in Safari on macOS.

pwn2own cama zhu
The contest kicked off on Wednesday with security researchers Amat Cama and Richard Zhu teaming up against Safari. The duo successfully exploited the browser and escaped the sandbox by using a combination of an integer overflow, heap overflow, and brute force technique, earning them $55,000.

Later in the day, a trio of Niklas Baumstark, Luca Todesco, and Bruno Keith targeted Safari with a kernel elevation. They demonstrated a complete system compromise, but it was only a partial win since Apple supposedly already knew of one of the bugs used in the demo. They still netted $45,000.


In total, participants were awarded $240,000 on day one of Pwn2Own. Day two of the contest is currently underway. All exploits discovered during the contest are reported to the necessary companies like Apple so they can be patched.

Top Rated Comments

keysofanxiety Avatar
68 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
You know these "kids" do this for a living and the entire purpose of the contest – the whole reason it's there – is to find vulnerabilities in software? Be that from Apple, Google, Microsoft, or applications like VMWare and VirtualBox...

Also, they get paid for it. Quite a lot.

Good grief indeed.
Score: 17 Votes (Like | Disagree)
M.PaulCezanne Avatar
68 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
Score: 12 Votes (Like | Disagree)
Peepo Avatar
68 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
These are not kids. They probably make more money doing this instead of working for a company like Apple.
Score: 10 Votes (Like | Disagree)
69Mustang Avatar
68 months ago
Seems like every other month some kid finds an exploit in Apple software. Yes - I know no software is perfect, but you’d think the world’s richest company could do better.

At least hire these kids, good grief.
What these guys do - (intentionally hunting vulnerabilities) - and what that kid did regarding FaceTime - (accidentally stumbled upon a vulnerability) - are not the same thing. Most of them are already gainfully employed.
Score: 5 Votes (Like | Disagree)
69Mustang Avatar
68 months ago
but at least in the past they were using older versions of Apple's software, especially older versions of Safari, and the tricks they pulled couldn't be replicated in current versions.
so I would be curious to see deets on what they were actually trying to hack

also how many of these tricks could actually be performed IRL. can they remotely access my computer etc. or do they need access to my actual computer to target me.
I don't think that's right. Afaik, Pwn2Own has always required the most up to date versions of software to be running on systems. Again, afaik. Also, these aren't really tricks. There are different categories of devices they're trying to defeat. One that may be relevant to your IRL query is the attempt against Tesla that's happening today.

Direct info: https://www.thezdi.com/blog/2019/1/14/pwn2own-vancouver-2019-tesla-vmware-microsoft-and-more
Score: 2 Votes (Like | Disagree)
Analog Kid Avatar
68 months ago
I know the threat environment is changing, and the systems are getting more complex, and Apple is under more scrutiny than ever before, but it still feels like Apple's security cred is slipping.

I appreciate all of the work they're doing on privacy, but in this world these kinds of attacks are the biggest threats to privacy. They really need to keep security as a top priority.

Also: I appreciate the structure of this event. Hack like crazy and keep the companies in the loop.
Score: 1 Votes (Like | Disagree)

Popular Stories

iOS 17

iOS 17.5 Bug May Also Resurface Deleted Photos on Wiped, Sold Devices [Updated]

Friday May 17, 2024 12:24 pm PDT by
A bug in iOS 17.5 is apparently causing photos that have been deleted to reappear, and the issue seems to impact even iPhones and iPads that have been erased and sold off to other people. A Reddit user wiped an iPad following Apple's guidelines in September of 2023 before selling it off to a friend. That friend updated the iPad to iPadOS 17.5 this week, and began seeing the Reddit user's old ...
iphone se 4 modified flag edges

When to Expect the Next iPhone SE to Launch

Friday May 17, 2024 2:03 pm PDT by
It has been over two years since Apple released the third-generation iPhone SE, and rumors continue to surface about a new model. The latest word comes from The Information, which today reported that Apple plans to release a new iPhone SE with a design similar to the standard iPhone 14 in the spring of 2025. If this rumor is accurate, the iPhone SE would finally gain Face ID and a notch...
oled m4 ipad pro grainy display reports

OLED iPad Pro Users Report 'Grainy' Displays, But It May Not Be a Defect

Friday May 17, 2024 5:57 am PDT by
Some new M4 iPad Pro models are exhibiting a visible static grain pattern across the OLED display, according to several user reports on Reddit (1, 2, 3) and the MacRumors Forums. Image credit: MacRumors user bk215 Users who see the grain generally report that it is most noticeable in dark environments with the display set at a low to medium brightness while viewing content with gray or muted...
iOS 17

Troubling iOS 17.5 Bug Reportedly Resurfacing Old Deleted Photos

Wednesday May 15, 2024 5:29 am PDT by
There are concerning reports on Reddit that Apple's latest iOS 17.5 update has introduced a bug that causes old photos that were deleted – in some cases years ago – to reappear in users' photo libraries. After updating their iPhone, one user said they were shocked to find old NSFW photos that they deleted in 2021 suddenly showing up in photos marked as recently uploaded to iCloud. Other...
Delta Hands On Feature

iPhone Emulators on the App Store: Game Boy, N64, PS1, PSP, and More

Thursday May 16, 2024 12:45 pm PDT by
In April, Apple updated its guidelines to allow retro game emulators on the App Store, and several popular emulators have already been released. The emulators released so far allow iPhone users to play games released for older consoles from Nintendo, Sony, SEGA, Atari, and others. A list of some popular emulators available on the App Store so far follows. Released Delta Delta is...
iphone 15 pro max vs iphone 16 pro max

iPhone 16 Pro Max Looks This Much Bigger Beside iPhone 15 Pro Max

Thursday May 16, 2024 4:51 am PDT by
This year's upcoming iPhone 16 Pro Max is expected to get a boost in overall size from 6.7-inches to 6.9-inches, and a new image gives us a good idea of how the current iPhone 15 Pro Max compares to what could be Apple's largest ever iPhone. The image above, posted on X by ZONEofTECH, shows a dummy model representing the ‌iPhone 16 Pro‌ Max alongside an actual iPhone 15 Pro Max. Dummy...