• Home
  • macOS
  • News
  • Hackers Uncover Two Zero-Day macOS Safari Vulnerabilities at Pwn2own Conference

Hackers Uncover Two Zero-Day macOS Safari Vulnerabilities at Pwn2own Conference

Hackers Uncover Two Zero-Day macOS Safari Vulnerabilities at Pwn2own Conference

Two sets of white-hat hackers competing at the annual Pwn2own conference on Wednesday uncovered two zero-day vulnerabilities in Apple’s Safari browser. Three teams competed to successfully exploit bugs they found to achieve root access to macOS.

Hackers Uncover Two Zero-Day macOS Safari Vulnerabilities at Pwn2own Conference
Photo via 9to5Mac

Two Out of Three Ain’t Bad

9to5Mac reports eleven teams in total are competing for a total of $1 million in prize money at the 10th annual conference. Three of the teams attempted to exploit the Safari bug. Two of the three were successful.

Chaitin Security Research Lab chained together an exploit that took advantage of sex separate bugs to escalate their access to root on macOS, winning a $35,000 prize.

Samuel Groß and Niklas Baumstark won $28,000 for exploiting five bugs to display a message on the Touch Bar of a 2016 MacBook Pro.

Organizers of the competition will furnish full details of the exploits to Apple so the Cupertino firm can fix the bugs before they are made public. The conference and the competition will continue today.

Previous years have seen Safari as a popular target in the competition. Back in 2011 it took just five seconds for French security firm Vupen to exploit a vulnerability in Safari 5.0.4 to gain root access to a MacBook Air. The team took home the machine as part of their winnings.

Safari a Popular Target in Recent Years

2014 saw a team exploit two bugs in the iOS version of Safari to take control of an iPhone 5s. That same year, a Chinese hacking team gained root access to a Mac. Although the team was able to exploit flaws in the system, the Keen team noted that Apple’s operating system is overall quite secure.

“For Apple, the OS is regarded as very safe and has a very good security architecture,” Keen team member Liang Chen said. “Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems.”

Related

  1. New Apple Store Opens in Valencia, Spain
  2. Computer History Museum Announces Online Steve Jobs Exhibit
  3. Total Smartphones in Use Surpass 1 Billion, Could Double by 2015
  4. Microsoft Will Bring Back ‘Squirting’ on Windows 8 and Windows Phone
  5. Apple Tells How To Remove MacDefender, Will Issue Security Update
  6. Apple Offers Free iDevice And Mac Repairs Following Japan Disaster
Apple Giveaways

iPhone X Giveaway

$999

Enter

MacBook Pro Giveaway

$1499.00

Enter

10.5″ iPad Pro Giveaway

$649.00

Enter

iPhone 8 Plus Giveaway

$800.00

Enter
Share