Security Researcher Earns $100,000 for Safari Exploit in Pwn2Own Hacking Contest

Each year, the Zero Day Initiative hosts a "Pwn2Own" hacking contest where security researchers can earn money for finding serious vulnerabilities in major platforms like Windows and macOS.


The 2021 Pwn2Own virtual event kicked off earlier this week and featured 23 separate hacking attempts across 10 different products including web browsers, virtualization, servers, and more. A three-day affair that spans multiple hours a day, this year's Pwn2Own event was livestreamed on YouTube.

Apple products were not heavily targeted in Pwn2Own 2021, but on day one, Jack Dates from RET2 Systems executed a Safari-to-kernel zero-day exploit and earned himself $100,000. He used an integer overflow in Safari and an out-of-bounds (OOB) write to get kernel-level code execution.


Other hacking attempts during the Pwn2Own event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.

A serious Zoom flaw was demonstrated by Dutch researchers Daan Keuper and Thijs Alkemade, for example. The duo exploited a trio of flaws to get total control of a target PC using the Zoom app with no user interaction.


Pwn2Own participants received more than $1.2 million in rewards for the bugs they discovered. Pwn2Own gives vendors like Apple 90 days to produce a fix for the vulnerabilities that are uncovered, so we can expect the bug to be addressed in an update in the not too distant future.


Top Rated Comments

antiprotest
9 months ago
Please set up a reward for fixing iCloud Tabs sync. Apparently the people at Apple cannot do it after like a decade.
Score: 16 Votes
mistasopz
9 months ago

The Chinese government is run by Chinese. And yes, if you are singling out the Chinese government, you are basically saying Chinese are cheaters and Chinese are thieves.

But every government in the world does spy on each other, stealing information etc.
That's some pretty loopy logic there. If I criticise the Canadian government am I racist towards Canadians (after all it's run by Canadians)? Of course not, what ridiculousness. There are 1.4 billion Chinese people and being critical of their leadership is not the same thing as hating 1.4 billion people because of their ethnicity. And if you think they are your friend, you better read up on your own history (Nortel IP theft for example).
Score: 9 Votes
mistasopz
9 months ago

Aren’t you being racist when you single out the Chinese government?
The Chinese government is not a race.
Score: 9 Votes
steve217
9 months ago
Given the cost of a breach, $100k is a bargain.
Score: 7 Votes
BWhaler
9 months ago
I always worry given Zoom’s ties to China and the slipshod way they went for growth above all, if some of these “flaws” are actually backdoors.

As convenient and pervasive as Zoom is, no way I would trust it if I was a CTO or enterprise security officer.
Score: 5 Votes
T Coma
9 months ago
Ah yes, the old integer overflow and OOB write trick. Classic.
Score: 3 Votes
