exploit


'exploit' Articles

Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017

The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes. Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar. In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000. The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop,

Security Flaw in iOS 9.3.1 Allows Access to iPhone Photos and Contacts

A video surfaced online yesterday purporting to show a vulnerability in iOS 9.3.1 that allows anyone to access photos and contacts on a locked iPhone without having to enter a passcode. The YouTube video, uploaded by Jose Rodriguez and first spotted by The Daily Dot, depicts a user performing a Siri search followed by a series of relatively simple steps, one of which involves 3D Touch, limiting the exploit to iPhone 6s and 6s Plus devices. The procedure starts by invoking Siri on the locked phone by holding the home button or using the "Hey, Siri" function, and then asking the personal assistant to initiate a Twitter search. When the returned results include contact details such as an email address, a 3D Touch gesture is used on the contact information to bring up a Quick Actions menu. Tapping "Add to Existing Contact" then brings up the iPhone's Contacts list. By selecting a contact and opting to add a photo to the entry, the phone's photo library can also be freely accessed. The flaw is only applicable if the iPhone owner has previously granted Siri permission to access Twitter account information as well as to Contacts or Photos, operations which require establishing ownership of the device with the passcode or Touch ID. Additionally, if the iPhone has exited a Touch ID grace period, a passcode is still required before using Siri. Users worried about the vulnerability can protect themselves by ensuring Siri's access to Twitter and Photos is disabled. On your device, go to Settings -> Privacy -> Twitter and if Siri is listed, turn off its access.

Researchers Uncover Multiple OS X and Safari Exploits at Pwn2Own 2016

The sixteenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop. On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and Safari. Lee uncovered four vulnerabilities in total, including one exploit in Safari and three other vulnerabilities within the OS X operating system, according to security firm Trend Micro.JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.Meanwhile, the report claims that the Tencent Security Team Shield group successfully executed code that enabled them to gain root privileges to Safari using "two use-after-free vulnerabilities," including one in Safari and the other in a "privileged process." The researchers were awarded $40,000 in prize money. The five participating teams earned a total of $282,500 in prizes on day one, including a leading $132,500 earned by the 360Vulcan Team, according to the report. Other web browsers and plugins that were successfully targeted include Adobe Flash, Google Chrome, and Microsoft Edge on Windows. Apple representatives have attended

OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

Apple is readying a fix in OS X 10.10.2 for the so-called "Thunderstrike" hardware exploit targeting Macs equipped with Thunderbolt ports, iMore has learned. According to the report, Apple patched the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked.To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac's boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that's exactly the deep, layered process that's been completed.Thunderstrike is a serious vulnerability discovered earlier this year by security researcher Trammell Hudson, enabling an attacker to replace a Mac's bootrom with malicious code without a user knowing. Since the malicious code is stored in a low level inaccessible to the user, the problem would remain even if the bootrom was replaced. The proof-of-concept attack is limited in scope, however, as an attacker would require physical access to the Mac or savvy social engineering skills in order to trick a user into attacking his or her Mac themselves. Apple has already addressed the issue in its latest hardware, including the iMac with Retina 5K Display and new Mac mini. OS X 10.10.2 has been in pre-release testing for over two months and should be made available to the public in the coming