Safari Exploited Again on Day Two of Pwn2Own

The second day of Trend Micro’s Pwn2Own 2018 saw Apple’s Safari browser exploited twice. One team successfully completed its attempt within the contest’s 30-minute three-attempt guidelines, while another group hacked the browser within four attempts.

Markus Gaasedelen (gaasedelen), Nick Burnett (itszn13), and Patrick Biernat of Ret2 Systems, Inc. targeted Apple Safari with a macOS kernel EoP. After experiencing some unexpected failures, they successfully demonstrated their exploit on the fourth attempt. Unfortunately, the contest rules only allow three attempts, so this counted as a failure. Still, the bugs used were purchased and disclosed to the vendor through the normal ZDI process.

The final entry for the day and for the contest saw a team from MWR Labs – Alex Plaskett (AlaxJPlaskett), Georgi Geshev (munmap), and Fabi Beterke (pwnfl4k3s) – target Apple Safari with a sandbox escape. They utilized a heap buffer underflow in the browser and an uninitialized stack variable in macOS to escape the sandbox and gain code execution. In doing so, they earned $55,000 and 5 Master of Pwn points.

Richard Zhu, who on Wednesday failed in an attempt to target Safari, successfully targeted Mozilla Firefox on Thursday, leveraging a Windows kernel EoP vulnerability. Zhu earned $50,000 and 5 Master of Pwn points for his efforts, and also took the prize as this year’s Master of Pwn, earning a total of $120,000 during the competition.

The competition awarded $267,000 during the two-day contest while acquiring five Apple bugs, four Microsoft bugs, two Oracle bugs, and one Mozilla bug. Microsoft and VMware sponsored the competition.

Pwn2Own is an annual hacking contest that began in 2007 and encourages security researchers to discover, share, and demonstrate zero-day security flaws in software and hardware. Successful contestants get to keep the device they attacked and also receive a cash prize. Points are also awarded and, if enough of them are accumulated, go toward a “masters” jacket.

Hardware and software vendors benefit from the competition by gaining information about vulnerabilities in their software and hardware, and by gaining the chance to patch these holes before they are widely exploited.
