Hackers uncover two critical Safari vulnerabilities at Pwn2Own conference in Vancouver

Sometimes hacks are a good thing.

Over at the Pwn2Own security conference in Vancouver, no less than two major security flaws were discovered in Apple’s Safari web browser. The flaws, if exploited, could allow an outside party to seize full control of a targeted Mac.

Demonstrated by the “phoenhex & qwerty” team during the contest, the biggest vulnerability involves a website triggering a JIT bug and two heap out-of-bounds reads, then a time-of-check-time-of-use bug to move from root access to the kernel. Though Apple is reportedly aware of one of the bugs used, the team won $45,000 for their efforts.

The second team, “Fluoroacetate,” collected a $55,000 bounty after finding a way to escape macOS sandboxing through a Safari integer overflow as well as a heap overflow. The hack relies on a brute force technique, which had to fail repeatedly before succeeding.

The competition featured cash prizes, including $240,000 for the first day alone. Teams also receive the notebooks the exploits are demonstrated on, as well as “Master of Pwn” points for the overall competition. 

The Pwn2Own Vancouver conference is hosted by Trend Micro’s Zero Day Initiative, the conference itself offering financial incentives to white-hat hackers after validating their efforts. The conference also offers increasing payouts to hackers if they stay on the white-hat side of the fence.

Pwn2Own, and similar events, serve as attempts for hackers and researchers to warn developers and companies about security issues in advance, as opposed to exploits being discovered and use by black-hat hackers and/or bad actors.

Apple products are regularly cracked at Pwn2Own, as are Microsoft’s and third-party browsers. Two other Safari exploits were uncovered at 2018’s edition of the conference. 

Stay tuned for additional details as they become available.

Via AppleInsider