
Security Researcher Earns $100,000 for Safari Exploit During Pwn2Own Hacking Contest

It’s “Pwn2Own” time again, and on day one, a security researcher scored himself a $100,000 prize for executing a Safari-to-kernel zero-day exploit.

On day one of the virtual event, Jack Dates from RET2 Systems executed a Safari-to-kernel zero-day exploit and earned himself $100,000. He used an integer overflow in Safari and an out-of-bounds (OOB) write to get kernel-level code execution.



Each year, the Zero Day Initiative hosts a “Pwn2Own” hacking contest where security researchers can earn money for discovering and exploiting serious vulnerabilities in major operating systems like macOS and Windows.

This year’s Pwn2Own event was live-streamed on YouTube. The 2021 event included 23 separate hacking attempts across 10 different products, including web browsers, virtualization, servers, and more.

Security researchers attempted hacks targeting Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.

Pwn2Own participants earned more than $1.2 million in rewards for the various bugs they discovered. Vendors like Apple are given 90 days to produce a fix for the uncovered vulnerabilities before they are revealed to the public, so a fix for the bug can likely be expected in an update in the near future.

Chris Hauk

Chris is a Senior Editor at Mactrast. He lives somewhere in the deep Southern part of America, and yes, he has to pump in both sunshine and the Internet.