The sixteenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop.

Safari-OS-X
On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and Safari. Lee uncovered four vulnerabilities in total, including one exploit in Safari and three other vulnerabilities within the OS X operating system, according to security firm Trend Micro.

JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.

Meanwhile, the report claims that the Tencent Security Team Shield group successfully executed code that enabled them to gain root privileges to Safari using "two use-after-free vulnerabilities," including one in Safari and the other in a "privileged process." The researchers were awarded $40,000 in prize money.

The five participating teams earned a total of $282,500 in prizes on day one, including a leading $132,500 earned by the 360Vulcan Team, according to the report. Other web browsers and plugins that were successfully targeted include Adobe Flash, Google Chrome, and Microsoft Edge on Windows.


Apple representatives have attended Pwn2Own in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two began today at 9:00 a.m. Pacific and will involve additional exploit attempts against OS X and Safari.

Tags: Exploit, Security, Safari, Apple Security, OS X, Pwn2Own

Top Rated Comments

zorinlynx Avatar
zorinlynx
113 months ago
This is a reminder of the reason why, even though you have a Mac, you should be careful about browsing shady websites.

Every system is exploitable, even one with a good track record like OS X. Be careful where you browse. Stay up to date on updates. This is also why I'm angered by websites that force you to turn off ad blockers; ad networks are the #1 source of malware there is.
Score: 24 Votes (Like | Disagree)
thederby Avatar
thederby
113 months ago
$60,000 for one day's work....I think I need to change jobs.
this is more than one day's work.
Score: 19 Votes (Like | Disagree)
'Dorian Avatar
'Dorian
113 months ago
This is a reminder of the reason why, even though you have a Mac, you should be careful about browsing shady websites.

Every system is exploitable, even one with a good track record like OS X. Be careful where you browse. Stay up to date on updates. This is also why I'm angered by websites that force you to turn off ad blockers; ad networks are the #1 source of malware there is.
Ad blockers like Adblock still allow non-intrusive and non-malicious ads. If a website makes you turn off Adblock, you might have to wonder why.

I wonder if Apple could use this in their FBI case. "Um guys... you want us to create a back door, there's contests that reward people for breaking the code. Imagine if they KNEW there was a back door and they just needed to find it."
Score: 9 Votes (Like | Disagree)
Goatllama Avatar
Goatllama
113 months ago
"Attempts to compromise Adobe Flash player were confounded when its doors were found to be completely open..." ;)
Score: 8 Votes (Like | Disagree)
T Coma Avatar
T Coma
113 months ago
$60,000 for one day's work.
And 10 Master of Pwn points!!!
Score: 6 Votes (Like | Disagree)
2457282 Avatar
2457282
113 months ago
Was the FBI in attendance taking notes?
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

New Things Your iPhone Can Do in iOS 18

18 New Things Your iPhone Can Do in iOS 18.2

Wednesday November 13, 2024 2:09 am PST by
Apple is set to release iOS 18.2 next month, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls incoming as well....
Read Full Article25 comments
M4 MacBook Pros Thumb

M4 MacBook Pro Uses Quantum Dot Display Technology

Thursday November 14, 2024 4:19 pm PST by
The M4 MacBook Pro models feature quantum dot display technology, according to display analyst Ross Young. Apple used a quantum dot film instead of a red KSF phosphor film, a change that provides more vibrant, accurate color results. Young says that Apple has opted for KSF for prior MacBook Pro models because it doesn't use toxic element cadmium (typical for quantum dot) and is more...
Read Full Article98 comments
AirPods Crackling Feature

Apple Customers Sue Over Unfixed AirPods Pro Crackling Issue

Wednesday November 13, 2024 11:01 am PST by
A trio of Apple customers this month filed a class action lawsuit against Apple, accusing the Cupertino company of violating California consumer protection laws and false advertising for continuing to sell AirPods Pro models that had ongoing issues with crackling or static sounds. A few months after the AirPods Pro came out in October 2019, buyers began to complain about crackling, rattling, ...
Read Full Article132 comments
google gemini

Google Releases Standalone Gemini AI App for iPhone

Thursday November 14, 2024 2:54 am PST by
Google has launched its dedicated Gemini artificial intelligence app for iPhone users, expanding beyond the previous limited integration within the main Google app. The standalone app offers enhanced functionality, including support for Gemini Live and iOS-specific features like Dynamic Island integration. The new app allows iPhone users to interact with Google's AI through text or voice...
Read Full Article72 comments
maxresdefault

M4 Max MacBook Pro: Real-World Usage Tests

Wednesday November 13, 2024 11:59 am PST by
Apple last week replaced the M3 Max MacBook Pro with the new M4 Max MacBook Pro, and we picked up one of the new high-end MacBook Pro machines to see how it compares to the prior model with both benchmarks and real-world tests. We tested an M4 Max with a 16-core CPU, 40-core GPU, and 48GB RAM against an M3 Max MacBook Pro with similar specs. The two machines look similar, but the display on...
Read Full Article40 comments
iphone passcode green

iOS 18 Security Feature Causes iPhone to Reboot After Three Days of Inactivity

Thursday November 14, 2024 2:19 pm PST by
With iOS 18, Apple introduced a feature that causes the iPhone to reboot every three days, security researchers have confirmed (via TechCrunch). In a demo video, security researcher Jiska Classen proved that an iPhone left untouched for 72 hours will automatically restart, and Graykey manufacturer also Magnet Forensics wrote a blog post about the feature. After a reboot, an iPhone is more...
Read Full Article119 comments