Mac

Safari Exploited Again on Day Two of Pwn2Own

The second day of Trend Micro’s Pwn2Own 2018 saw Apple’s Safari browser exploited twice. One team successfully completed its attempt within the contest’s 30-minute three-attempt guidelines, while another group hacked the bowser within four attempts.

Markus Gaasedelen (gaasedelen), Nick Burnett (itszn13), and Patrick Biernat of Ret2 Systems, Inc. targeted Apple Safari with a macOS kernel EoP. After experiencing some unexpected failures, they successfully demonstrated their exploit on the fourth attempt. Unfortunately, the contest rules only allow three attempts, so this counted as a failure. Still, the bugs used were purchased and disclosed to the vendor through the normal ZDI process.

The final entry for the day and for the contest saw a team from MWR labs – Alex Plaskett (AlaxJPlaskett), Georgi Geshev (munmap), and Fabi Beterke (pwnfl4k3s) – target Apple Safari with a sandbox escape. They utilized a heap buffer underflow in the browser and an uninitialized stack variable in macOS to escape the sandbox and gain code execution. In doing so, they earned $55,000 and 5 Master of Pwn points.

Richard Zhu, who on Wednesday failed in an attempt to target Safari, successfully targeted a Mozilla Firefox exploit on Thursday, leveraging a Windows kernel EoP vulnerability. Zhu earned $50,000 and 5 Master of Pwn points for his efforts, and also took the prize as this years Master of Pwn, earning a total of $120,000 during the competition.

The competition awarded $267,000 during the two-day contest while acquiring five Apple bugs, four Microsoft bugs, two Oracle bugs, and one Mozilla bug. Microsoft and VMWare sponsored the competition.

Pwn2Own is an annual hacking contest, which began in 2007, and encourages security researchers to discover, share, and demonstrate zero-day security flaws on software and hardware. Successful contestants get to keep the device they attacked and also receive a cash prize. Points are also awarded, which if enough of them are accumulated, go toward a “masters” jacket.

Hardware and software vendors benefit from the competition by gaining information about vulnerabilities in their software and hardware, and gain the chance to patch this holes before they are widely exploited.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.