Security Researcher Earns $100,000 for Safari Exploit in Pwn2Own Hacking Contest

Each year, the Zero Day Initiative hosts a "Pwn2Own" hacking contest where security researchers can earn money for finding serious vulnerabilities in major platforms like Windows and macOS.


This 2021 Pwn2Own virtual event kicked off earlier this week and featured 23 separate hacking attempts across 10 different products including web browsers, virtualization, servers, and more. A three-day affair that spans multiple hours a day, this year's Pwn2Own event was livestreamed on YouTube.

Apple products were not heavily targeted in Pwn2Own 2021, but on day one, Jack Dates from RET2 Systems executed a Safari to kernel zero-day exploit and earned himself $100,000. He used an integer overflow in Safari and an OOB write to get kernel-level code execution, as demoed in the tweet below.


Other hacking attempts during the Pwn2Own event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.

A serious Zoom flaw was demonstrated by Dutch researchers Daan Keuper and Thijs Alkemade, for example. The duo exploited a trio of flaws to get total control of a target PC using the Zoom app with no user interaction.


Pwn2Own participants received more than $1.2 million in rewards for the bugs they discovered. Pwn2Own gives vendors like Apple 90 days to produce a fix for the vulnerabilities that are uncovered, so we can expect the bug to be addressed in an update in the not too distant future.

Tag: Safari

Popular Stories

Generic iOS 18 Feature Real Mock

iOS 18 Available Now With These 8 New Features For Your iPhone

Sunday September 15, 2024 10:09 am PDT by
Following over three months of beta testing, iOS 18 was finally widely released to the public on Monday, September 16. The update is available in the Settings app under General → Software Update on the iPhone XS and newer. Below, we have highlighted eight key new features included in iOS 18, and Apple shared a complete list of new features and changes last week. Note that Apple...
iOS 18 Public Beta Thumb 1

Here's When iOS 18 Rolls Out Today in Every Time Zone

Monday September 16, 2024 3:56 am PDT by
It's that time of year again. Apple is about to release iOS 18, which promises to bring a range of new features and improvements to iPhones worldwide. It's Apple's biggest software update of the year, and the company is expected to release it sometime today – Monday, September 16. Based on past releases, the update is likely to drop at around 10:00 a.m. Pacific Time/1:00 p.m. Eastern...
apple silicon mac lineup wwdc 2022 feature purple

M4 Macs, New iPad Mini, and iPad 11 Expected at Upcoming Apple Event

Sunday September 15, 2024 5:29 am PDT by
Apple will likely hold another event in October this year to announce new Macs and iPads. If so, it would be the fourth time in the last five years that Apple has held an event in October. Last year, Apple held a virtual event on Monday, October 30 to announce new MacBook Pro and iMac models with the M3 series of chips. In his Power On newsletter today, Bloomberg's Mark Gurman reiterated...
M4 Mac mini Black Ortho Cooler

Apple Leaks New Mac Mini With 5 USB-C Ports

Monday September 16, 2024 11:40 am PDT by
Apple has seemingly leaked the rumored next-generation Mac mini with five USB-C ports, according to a code change within Apple software that was discovered today by MacRumors contributor Aaron Perris. The code refers to an unreleased Mac mini model with an Apple silicon chip and five ports, which lines up with a previous report from Bloomberg's Mark Gurman that said the next Mac mini will be ...
16 pro

iPhone 16 Pro Demand Has Been Lower Than Expected, Analyst Says

Sunday September 15, 2024 3:58 pm PDT by
Apple analyst Ming-Chi Kuo today said demand for the iPhone 16 Pro and iPhone 16 Pro Max has been "lower than expected" since the devices became available to pre-order in the U.S. and dozens of other countries on Friday. Kuo said his data is based on a "supply chain survey" and shipping estimates listed on Apple's online store. Kuo estimated that sales of all four iPhone 16 models reached...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

10 Reasons to Wait for Next Year's iPhone 17

Friday September 13, 2024 2:40 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...

Top Rated Comments

antiprotest Avatar
45 months ago
Please set up a reward for fixing iCloud Tabs sync. Apparently the people at Apple cannot do it after like a decade.
Score: 16 Votes (Like | Disagree)
mistasopz Avatar
45 months ago

The Chinese government is run by Chinese. And yes, if you signaling out Chinese government, you are basically saying Chinese are cheaters and Chinese are theft.

But every government in the world do spy on each other, stealing information etc.
That's some pretty loopy logic there. If I criticise the Canadian government am I racist towards Canadians (after all it's run by Canadians)? Of course not, what ridiculousness. There are 1.4 billion Chinese people and being critical of their leadership is not the same thing as hating 1.4 billion people because of their ethnicity. And if you think you think they are your friend, you better read up on your own history (Nortel IP theft for example).
Score: 9 Votes (Like | Disagree)
mistasopz Avatar
45 months ago

Aren’t you are being racist when you single out Chinese government?
The Chinese government is not a race.
Score: 9 Votes (Like | Disagree)
steve217 Avatar
45 months ago
Given the cost of a breach, $100k is a bargain.
Score: 7 Votes (Like | Disagree)
BWhaler Avatar
45 months ago
I always worry given Zoom’s ties to China and the slip-shot way they went for growth above all, if some of these “flaws” are actually backdoors.

As convienent and pervasive as Zoom is, no way I would trust it if I was a CTO or enterprise security officer.
Score: 5 Votes (Like | Disagree)
T Coma Avatar
45 months ago
Ah yes, the old integer overflow and OOB write trick. Classic.
Score: 3 Votes (Like | Disagree)