Security Researcher Earns $100,000 for Safari Exploit in Pwn2Own Hacking Contest

Each year, the Zero Day Initiative hosts a "Pwn2Own" hacking contest where security researchers can earn money for finding serious vulnerabilities in major platforms like Windows and macOS.


This 2021 Pwn2Own virtual event kicked off earlier this week and featured 23 separate hacking attempts across 10 different products including web browsers, virtualization, servers, and more. A three-day affair that spans multiple hours a day, this year's Pwn2Own event was livestreamed on YouTube.

Apple products were not heavily targeted in Pwn2Own 2021, but on day one, Jack Dates from RET2 Systems executed a Safari to kernel zero-day exploit and earned himself $100,000. He used an integer overflow in Safari and an OOB write to get kernel-level code execution, as demoed in the tweet below.


Other hacking attempts during the Pwn2Own event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.

A serious Zoom flaw was demonstrated by Dutch researchers Daan Keuper and Thijs Alkemade, for example. The duo exploited a trio of flaws to get total control of a target PC using the Zoom app with no user interaction.


Pwn2Own participants received more than $1.2 million in rewards for the bugs they discovered. Pwn2Own gives vendors like Apple 90 days to produce a fix for the vulnerabilities that are uncovered, so we can expect the bug to be addressed in an update in the not too distant future.

Tag: Safari

Popular Stories

airpods pro 2 pink

Apple Releases New AirPods Pro 2 Firmware

Tuesday May 28, 2024 11:46 am PDT by
Apple today released new firmware update for both the Lightning and USB-C versions of the AirPods Pro 2. The new firmware is version 6F7, up from the 6B34 firmware released in November. Apple does not provide details on what features might be included in the refreshed firmware beyond "bug fixes and other improvements," so it is unclear what's new in the update. Apple does not give...
maxresdefault

Report: These 10 New AI Features Are Coming in iOS 18

Sunday May 26, 2024 12:57 pm PDT by
iOS 18 and macOS 15 will offer an array of new AI features such as auto-generated emojis, suggested replies to emails and messages, and more, Bloomberg's Mark Gurman reports. Subscribe to the MacRumors YouTube channel for more videos. A significant portion of Apple's Worldwide Developers Conference (WWDC) is expected to focus on AI features. Writing his latest "Power On" newsletter, Gurman...
wwdc 2024 main image feature

Apple Confirms Time for June 10 WWDC Keynote, Shares Full Schedule

Tuesday May 28, 2024 10:21 am PDT by
Apple today shared details on the schedule that it has prepared for the 2024 Worldwide Developers Conference, which is set to take place from June 10 to June 14. While WWDC always includes a keynote, Apple has confirmed that it will be held on June 10 at 10:00 a.m. Pacific Time. Apple is expected to announce iOS 18, iPadOS 18, macOS 15, tvOS 18, watchOS 11, and visionOS 2, and at this time,...
Apple iPhone 15 Pro lineup Action button 230912

Apple Green-Lights iPhone 16 Pro Display Production

Tuesday May 28, 2024 5:13 am PDT by
Samsung Display and LG Display have been granted approval for mass production of OLED screens for Apple's upcoming iPhone 16 Pro models, Korea's The Elec reports. Both suppliers apparently received approval earlier this month, paving the way for the commencement of mass production of screens for the iPhone 16 Pro models. While Samsung Display will supply OLED screens for all four iPhone 16...
iPad Pro Landscape Apple Logo Feature

Apple Says Future iPads Could Feature Landscape Apple Logo

Monday May 27, 2024 6:31 am PDT by
French website Numerama interviewed three senior Apple employees about the new iPad Pro models that launched earlier this month. While the discussion did not reveal many new details, it did mention one potential change for future iPads. While the Apple logo on the back of iPads is positioned so that it appears upright in vertical orientation, the devices are often used in landscape...

Top Rated Comments

antiprotest Avatar
41 months ago
Please set up a reward for fixing iCloud Tabs sync. Apparently the people at Apple cannot do it after like a decade.
Score: 16 Votes (Like | Disagree)
mistasopz Avatar
41 months ago

The Chinese government is run by Chinese. And yes, if you signaling out Chinese government, you are basically saying Chinese are cheaters and Chinese are theft.

But every government in the world do spy on each other, stealing information etc.
That's some pretty loopy logic there. If I criticise the Canadian government am I racist towards Canadians (after all it's run by Canadians)? Of course not, what ridiculousness. There are 1.4 billion Chinese people and being critical of their leadership is not the same thing as hating 1.4 billion people because of their ethnicity. And if you think you think they are your friend, you better read up on your own history (Nortel IP theft for example).
Score: 9 Votes (Like | Disagree)
mistasopz Avatar
41 months ago

Aren’t you are being racist when you single out Chinese government?
The Chinese government is not a race.
Score: 9 Votes (Like | Disagree)
steve217 Avatar
41 months ago
Given the cost of a breach, $100k is a bargain.
Score: 7 Votes (Like | Disagree)
BWhaler Avatar
41 months ago
I always worry given Zoom’s ties to China and the slip-shot way they went for growth above all, if some of these “flaws” are actually backdoors.

As convienent and pervasive as Zoom is, no way I would trust it if I was a CTO or enterprise security officer.
Score: 5 Votes (Like | Disagree)
T Coma Avatar
41 months ago
Ah yes, the old integer overflow and OOB write trick. Classic.
Score: 3 Votes (Like | Disagree)