• Home
  • macOS
  • Pwn2Own 2018 Kicks Off With Successful Safari Exploit

Pwn2Own 2018 Kicks Off With Successful Safari Exploit

Pwn2Own 2018 Kicks Off With Successful Safari Exploit

Trend Micro’s Zero Day Initiative’s annual Pwn2Own hacking competition began on Wednesday, with 2 Safari exploit attempts, one of which proved successful.

Pwn2Own 2018 Kicks Off With Successful Safari Exploit

Samuel Groß (5aelo) of phoenhex targeting Apple Safari with a macOS kernel EoP

Success: Samuel used a three bug chain to successfully exploit Apple Safari, earning himself $65,000 and 6 points toward Master of Pwn.

Samuel’s exploit modified the text on a MacBook Pro’s touchbar, as seen in the above image.

A separate hacking attempt was attempted against Safari by Richard Zhu, who was unable to get his sandbox escape attempt running within the 30 minute time limit allotted by the competition rules. Zhu had successfully bypassed iPhone 7 security protocols using two Safari bugs at the Mobile Pwn2Own event in November.

Zhu was successful on Wednesday with an exploit targeting Microsoft Edge, via a Windows kernel EoP. Zhu used two UAFs in the browser and an integer overflow in the kernel to earn $70,000 USD and 7 points towards Master of Pwn.

Pwn2Own is an annual hacking contest, which began in 2007, and encourages security researchers to discover, share, and demonstrate zero-day security flaws on software and hardware. Successful contestants get to keep the device they attacked and also receive a cash prize. Points are also awarded, which if enough of them are accumulated, go toward a “masters” jacket.

Hardware and software vendors benefit from the competition by gaining information about vulnerabilities in their software and hardware, and gain the chance to patch this holes before they are widely exploited.

Day two of Pwn2Own takes place on Thursday, and will feature two more attempts against Safari. Markus Gaasedelen, Nick Burnett, Patrick Biernat of Ret2 Systems, Inc. will target Apple Safari with a macOS kernel EoP, while MWR Labs – Alex Plaskett (AlaxJPlaskett), Georgi Geshev (munmap), Fabi Beterke (pwnfl4k3s) will target Apple Safari with a sandbox escape.


  1. ProtectStar Debuts Data Shredder for Mac 2017 – Military Grade Data Deletion for macOS
  2. Apple Seeds Safari 7.0.3 (Mavericks) and 6.1.3 (Mountain Lion) to Developers
  3. How to Enable App Accessibility Features on Your Mac
  4. How to Save a Website Bookmark in Safari on iOS 11
  5. How To Change The Image File Format Of Your Mac Screenshots
  6. Apple Seeds Second Beta of macOS Sierra 10.12.1 to Developers
Apple Giveaways

iPhone X Giveaway



MacBook Pro Giveaway



10.5″ iPad Pro Giveaway



iPhone 8 Plus Giveaway