The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.

C6 w vqU8AA hjw

In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.

Tags: Apple Security, Exploit, macOS, Pwn2Own, Safari, Security

Top Rated Comments

Kabeyun Avatar
Kabeyun
104 months ago
These people are pretty smart. Gotta say.
Score: 6 Votes (Like | Disagree)
69Mustang Avatar
69Mustang
104 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
Score: 3 Votes (Like | Disagree)
NT1440 Avatar
NT1440
104 months ago
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
It's a yearly competition, and the entire point is to find, disclose, and get these types of exploits closed. Note that they almost always spend months pre-planning (so avoid those "____ hacked in 30 seconds!" clickbait headlines) and it takes several combined exploits to get the results they want....as well as hands on with the computer.
Score: 3 Votes (Like | Disagree)
2457244 Avatar
2457244
104 months ago
Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.
Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
Score: 2 Votes (Like | Disagree)
ApfelKuchen Avatar
ApfelKuchen
104 months ago
I was always under the impression Mac has enjoyed many years of very little exposure in terms of exploits or viruses mainly because hackers focused on the big fish like Microsoft. Microsoft's OS is used for business all over the world. As MacOS gains in popularity so will the number of hacks, viruses, and malware. Just a matter of time.
And while I'm purely speculating, the size of the Microsoft target is such that, perhaps, the prize money offered is insufficient - better to keep selling exploits on the black market. Leaving the public relations value aside ("Windows exploit? Ho hum!"), a target ten times the size justifies ten times the prize.
[doublepost=1489773007][/doublepost]
Apple representatives have attended the Pwn2Own contest in the past?? That's interesting. If it were my company I'd want someone at EVERY ONE of these kinds of contests.
This is standard news reportage. Unless you can report, as a fact, that Apple sends someone to "EVERY ONE of these kinds of contests," you fall back upon what you know is true.

It's highly likely that Apple does dispatch staff to every one of these kinds of contests. In addition to uncovering exploits, they'd seem to be pretty good places for recruiting talent, keeping in touch with the movers and shakers, etc. But "highly likely" is not provable fact, and chances are, due to the nature of travel, even if Apple dispatched staff to every such event, it doesn't mean they always arrived.
Score: 1 Votes (Like | Disagree)
joy.757 Avatar
joy.757
104 months ago
Really cool work. I am fascinated at how they do such stuff. I have no idea on how you'd even start.
Score: 1 Votes (Like | Disagree)
Read All Comments

Popular Stories

Apple iPhone 16e Feature

Apple Announces iPhone 16e With A18 Chip and Apple Intelligence, Pricing Starts at $599

Wednesday February 19, 2025 8:02 am PST by
Apple today introduced the iPhone 16e, its newest entry-level smartphone. The device succeeds the third-generation iPhone SE, which has now been discontinued. The iPhone 16e features a larger 6.1-inch OLED display, up from a 4.7-inch LCD on the iPhone SE. The display has a notch for Face ID, and this means that Apple no longer sells any iPhones with a Touch ID fingerprint button, marking the ...
Read Full Article674 comments
iphone 17 pro asherdipps

iPhone 17 Pro Models Rumored to Feature Aluminum Frame Instead of Titanium Frame

Tuesday February 18, 2025 12:02 pm PST by
Over the years, Apple has switched from an aluminum frame to a stainless steel frame to a titanium frame for its highest-end iPhones. And now, it has been rumored that Apple will go back to using aluminum for three out of four iPhone 17 models. In an investor note with research firm GF Securities, obtained by MacRumors this week, Apple supply chain analyst Jeff Pu said the iPhone 17, iPhone...
Read Full Article175 comments
apple launch feb 2025 alt

Here Are the New Apple Products We're Still Expecting This Spring

Thursday February 20, 2025 5:06 am PST by
Now that Apple has announced its new more affordable iPhone 16e, our thoughts turn to what else we are expecting from the company this spring. There are three product categories that we are definitely expecting to get upgraded before spring has ended. Keep reading to learn what they are. If we're lucky, Apple might make a surprise announcement about a completely new product category. M4...
Read Full Article61 comments
Generic iOS 18

Here's When Apple Will Release iOS 18.4

Wednesday February 19, 2025 11:38 am PST by
Following the launch of the iPhone 16e, Apple updated its iOS 18, iPadOS 18, and macOS Sequoia pages to give a narrower timeline on when the next updates are set to launch. All three pages now state that new Apple Intelligence features and languages will launch in early April, an update from the more broader April timeframe that Apple provided before. The next major point updates will be iOS ...
Read Full Article46 comments
prioritize notifications ios 18 4

Everything New in iOS 18.4 Beta 1

Friday February 21, 2025 1:08 pm PST by
Apple finally released the first beta of iOS 18.4 to developers for testing purposes, and while the beta is lacking some of the Apple Intelligence features we were hoping for, there are some notable new additions. Subscribe to the MacRumors YouTube channel for more videos. Priority Notifications - Apple Intelligence There is a new Priority Notifications feature that can show you your most...
Read Full Article74 comments
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
Read Full Article286 comments
iPhone 16e Feature

Apple Denies Speculation Surrounding iPhone 16e's Lack of MagSafe

Friday February 21, 2025 8:01 am PST by
Apple has confirmed that its custom-designed C1 modem in the iPhone 16e has nothing to do with the device's lack of MagSafe support, according to Macworld. Following the launch of the iPhone 16e, there was some speculation online about how MagSafe magnets might have interfered with the C1 modem's cellular connectivity performance, and this was considered to be a potential reason for the...
Read Full Article151 comments
apple c1

Apple Unveils 'C1' as First Custom Cellular Modem

Wednesday February 19, 2025 8:08 am PST by
Apple today announced its first custom cellular modem with the name "C1," debuting in the all-new iPhone 16e. The new modem contributes to the iPhone 16e's power efficiency, giving it the longest battery life of any iPhone with a 6.1-inch display, such as the iPhone 15 and iPhone 16. Expanding the benefits of Apple silicon, C1 is the first modem designed by Apple and the most...
Read Full Article145 comments