Security Researcher Earns $100,000 for Safari Exploit in Pwn2Own Hacking Contest - MacRumors
Skip to Content

Security Researcher Earns $100,000 for Safari Exploit in Pwn2Own Hacking Contest

Each year, the Zero Day Initiative hosts a "Pwn2Own" hacking contest where security researchers can earn money for finding serious vulnerabilities in major platforms like Windows and macOS.


This 2021 Pwn2Own virtual event kicked off earlier this week and featured 23 separate hacking attempts across 10 different products including web browsers, virtualization, servers, and more. A three-day affair that spans multiple hours a day, this year's Pwn2Own event was livestreamed on YouTube.

Apple products were not heavily targeted in Pwn2Own 2021, but on day one, Jack Dates from RET2 Systems executed a Safari to kernel zero-day exploit and earned himself $100,000. He used an integer overflow in Safari and an OOB write to get kernel-level code execution, as demoed in the tweet below.


Other hacking attempts during the Pwn2Own event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.

A serious Zoom flaw was demonstrated by Dutch researchers Daan Keuper and Thijs Alkemade, for example. The duo exploited a trio of flaws to get total control of a target PC using the Zoom app with no user interaction.


Pwn2Own participants received more than $1.2 million in rewards for the bugs they discovered. Pwn2Own gives vendors like Apple 90 days to produce a fix for the vulnerabilities that are uncovered, so we can expect the bug to be addressed in an update in the not too distant future.

Tag: Safari

Popular Stories

safari notify macos 27

New Safari Can Monitor a Webpage and Notify You of Updates

Monday June 8, 2026 11:04 am PDT by
Apple's new version of Safari browser in macOS 27 and iOS 27 can be tasked to monitor a webpage and notify you of any changes, thanks to a new built-in feature. With "Notify Me," Safari can keep checking a website on your behalf – such as a product you've been watching for when it comes back in stock – and alert you when a change occurs. In other upcoming feature additions, using the ...
safari tab groups apple intelligence

Apple Brings AI Tab Organization and AI-Generated Extensions to Safari

Monday June 8, 2026 1:18 pm PDT by
Apple today unveiled a raft of Safari upgrades powered by Apple Intelligence, including automatic tab organization, AI-generated custom extensions, and new privacy-first browsing tools. The centerpiece feature is automatic tab organization, which uses Apple Intelligence to group a user's open tabs into relevant topics without any manual intervention. If someone is planning a weekend trip,...
iphone 17 ceramic shield

iPhone 18 With 9GB RAM Still Won't Support Two New iOS 27 Features

Friday July 3, 2026 12:10 pm PDT by
The lower-end iPhone 18 and iPhone 18e will be equipped with 9GB of RAM, up from 8GB in the iPhone 17 and iPhone 17e, according to supply chain analyst Ming-Chi Kuo. In a social media post, Kuo said the 1GB increase in RAM will ensure that Apple Intelligence features continue to run smoothly on the pair of devices. The higher-end iPhone 18 Pro, iPhone 18 Pro Max, and foldable "iPhone Ultra...

Top Rated Comments

antiprotest Avatar
69 months ago
Please set up a reward for fixing iCloud Tabs sync. Apparently the people at Apple cannot do it after like a decade.
Score: 16 Votes (Like | Disagree)
69 months ago

The Chinese government is run by Chinese. And yes, if you signaling out Chinese government, you are basically saying Chinese are cheaters and Chinese are theft.

But every government in the world do spy on each other, stealing information etc.
That's some pretty loopy logic there. If I criticise the Canadian government am I racist towards Canadians (after all it's run by Canadians)? Of course not, what ridiculousness. There are 1.4 billion Chinese people and being critical of their leadership is not the same thing as hating 1.4 billion people because of their ethnicity. And if you think you think they are your friend, you better read up on your own history (Nortel IP theft for example).
Score: 9 Votes (Like | Disagree)
69 months ago

Aren’t you are being racist when you single out Chinese government?
The Chinese government is not a race.
Score: 9 Votes (Like | Disagree)
steve217 Avatar
69 months ago
Given the cost of a breach, $100k is a bargain.
Score: 7 Votes (Like | Disagree)
BWhaler Avatar
69 months ago
I always worry given Zoom’s ties to China and the slip-shot way they went for growth above all, if some of these “flaws” are actually backdoors.

As convienent and pervasive as Zoom is, no way I would trust it if I was a CTO or enterprise security officer.
Score: 5 Votes (Like | Disagree)
T Coma Avatar
69 months ago
Ah yes, the old integer overflow and OOB write trick. Classic.
Score: 3 Votes (Like | Disagree)