The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.

C6 w vqU8AA hjw

In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.

Tags: Apple Security, Exploit, macOS, Pwn2Own, Safari, Security

Top Rated Comments

Kabeyun Avatar
Kabeyun
105 months ago
These people are pretty smart. Gotta say.
Score: 6 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
105 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
Score: 3 Votes (Like | Disagree)
NT1440 Avatar
NT1440
105 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
It's a yearly competition, and the entire point is to find, disclose, and get these types of exploits closed. Note that they almost always spend months pre-planning (so avoid those "____ hacked in 30 seconds!" clickbait headlines) and it takes several combined exploits to get the results they want....as well as hands on with the computer.
Score: 3 Votes (Like | Disagree)
2457244 Avatar
2457244
105 months ago
Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
Score: 2 Votes (Like | Disagree)
ApfelKuchen Avatar
ApfelKuchen
105 months ago
I was always under the impression Mac has enjoyed many years of very little exposure in terms of exploits or viruses mainly because hackers focused on the big fish like Microsoft. Microsoft's OS is used for business all over the world. As MacOS gains in popularity so will the number of hacks, viruses, and malware. Just a matter of time.
And while I'm purely speculating, the size of the Microsoft target is such that, perhaps, the prize money offered is insufficient - better to keep selling exploits on the black market. Leaving the public relations value aside ("Windows exploit? Ho hum!"), a target ten times the size justifies ten times the prize.
[doublepost=1489773007][/doublepost]
Apple representatives have attended the Pwn2Own contest in the past?? That's interesting. If it were my company I'd want someone at EVERY ONE of these kinds of contests.
This is standard news reportage. Unless you can report, as a fact, that Apple sends someone to "EVERY ONE of these kinds of contests," you fall back upon what you know is true.

It's highly likely that Apple does dispatch staff to every one of these kinds of contests. In addition to uncovering exploits, they'd seem to be pretty good places for recruiting talent, keeping in touch with the movers and shakers, etc. But "highly likely" is not provable fact, and chances are, due to the nature of travel, even if Apple dispatched staff to every such event, it doesn't mean they always arrived.
Score: 1 Votes (Like | Disagree)
joy.757 Avatar
joy.757
105 months ago
Really cool work. I am fascinated at how they do such stuff. I have no idea on how you'd even start.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article240 comments
Generic iOS 18

iOS 18.4 Coming Soon With These New Features for Your iPhone

Tuesday March 25, 2025 6:45 am PDT by
Apple is expected to release iOS 18.4 to the general public as soon as next week, following more than a month of beta testing. Apple's website says some iOS 18.4 features will be released in "early April," so the update should be out as early as Tuesday, April 1. Apple this week seeded the iOS 18.4 Release Candidate, which is typically the final beta version, barring the discovery of any...
Read Full Article14 comments
ios 19 messages app

Here's What Apple's iOS 19 Messages App Might Look Like

Tuesday March 25, 2025 11:52 am PDT by
Leaker Jon Prosser today shared a mockup of what he says the Messages app will look like in iOS 19, demoing an interface with rounded, translucent bubble-shaped navigation buttons at the top and softer, rounder corners for the keyboard and word suggestions. Jon Prosser's Messages app mockup The return button, a button for going back to the Messages list, and the FaceTime button have a deeper...
Read Full Article93 comments
iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive a New Perk

Thursday March 20, 2025 12:01 am PDT by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. The new perk is the ability to create invitations in the Apple Invites app for the iPhone, which launched in the App Store last month. In the Apple Invites app, iCloud+ subscribers can create invitations for any occasion, such as birthday parties, graduations, baby showers, and more. Anyone ...
Read Full Article30 comments
macbook pro blue green

When Will Apple Release the M5 MacBook Pro?

Wednesday March 26, 2025 4:53 pm PDT by
Apple regularly refreshes the MacBook Pro models, and a new version that uses M5 series chips is in the works. Apple just finished refreshing most of the Mac lineup with M4 chips, and now it's time for the M5. Rumors suggest that we could see the first M5 MacBook Pro models this fall. Design There have been no rumors of a design update for the M5 MacBook Pro models that are coming this...
Read Full Article116 comments
airpods max 2024 colors

Don't Buy Into Apple's Hype About AirPods Max Gaining Lossless Audio

Monday March 24, 2025 4:24 pm PDT by
Apple today announced that AirPods Max with a USB-C port will be gaining support for lossless audio and ultra-low latency audio with a firmware update next month, alongside the release of iOS 18.4, iPadOS 18.4, and macOS 15.4. For context, audio files are typically compressed to keep file sizes smaller. There are lossy compression standards like MP3 and AAC (Advanced Audio Codec), which...
Read Full Article277 comments
Apple Lumon Terminal Pro

Apple's Mac Site Features Fictional 'Lumon Terminal Pro'

Wednesday March 26, 2025 12:19 pm PDT by
Apple is going all out with promotions for the popular Severance Apple TV+ show today, and as of right now, you'll find a new "Lumon Terminal Pro" listed on Apple's Mac site. The Lumon Terminal Pro is designed to look similar to the machines that Severance employees like Mark S. and Helly R. use for macrodata refinement. The Terminal features a blue keyboard, a small display with wide...
Read Full Article105 comments
Generic iOS 19 Feature Mock

Gurman: Jon Prosser's iOS 19 Mockups 'Aren't Representative' of Redesign

Tuesday March 25, 2025 4:47 pm PDT by
The iOS 19 mockup images that leaker Jon Prosser shared today are not representative of the actual iOS 19 design, Bloomberg's Mark Gurman said on social media. According to Gurman, the images that are "floating around" are based on "very old builds" or "vague descriptions," and are lacking key features. Gurman says that we can "expect more from Apple in June." Gurman made the same comment ...
Read Full Article132 comments