The team took home a $40,000 bounty for their efforts on Safari, as well as a share in a $75,000 prize for co-engineering a zero-day Flash exploit. They say they will donate some of their winnings towards charities representing missing Malaysian Airplane passengers.
The group say they chained two different exploits against Safari. The first vulnerability was a heap overflow in WebKit that enabled arbitrary code execution. The team then used this foothold to launch a second exploit that bypassed the application sandbox and ran code with the user's privileges.
According to Chen, one of the pair who represented the Keen Team at Pwn2Own, the WebKit issue will be easy for Apple to resolve, although the sandbox exploit may be harder.
“I think the WebKit fix will be relatively easy,” Chen said. “The system-level vulnerability is related to how they designed the application; it may be more difficult for them.”
That being said, Chen believes that OS X offers better security than its rival operating systems.
“For Apple, the OS is regarded as very safe and has a very good security architecture,” Chen said. “Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems.”
In a separate interview with CNET, Chen said that despite the locked-down nature of iOS, Apple’s mobile OS is usually easier to target than OS X because Apple implements newer security safeguards more quickly on the desktop platform.
As usual, Apple representatives observed the exploits at the event, so fixes for the issues will likely appear bundled into future software updates for iOS and OS X.