As the annual Pwn2Own conference continues today, Safari remains a common target among security researchers. Following the exploits we reported on earlier today, day two of the conference brought more news for Apple…
First, according to results posted to Trend Micro’s Zero Day Initiative website this evening, Georgi Geshev, Alex Plaskett, and Fabi Beterke of MWR Labs used two vulnerabilities to exploit Safari and ultimately escape the sandbox. This means the exploit would theoretically be able to gain access beyond the permissions granted to Safari itself.
The MWR Labs team ultimately earned $55,000 and 5 Master of Pwn points.
MWR Labs – Alex Plaskett, Georgi Geshev, Fabi Beterke, targeting Apple Safari with a sandbox escape
Success: The team used two vulnerabilities to exploit Safari and escape the sandbox. They earned themselves $55,000 and 5 Master of Pwn points.
In a separate session, Nick Burnett, Markus Gaasedelen, and Patrick Biernat of Ret2 Systems targeted Safari with a macOS kernel elevation of privilege vulnerability. The team was ultimately unable to complete their exploit during their allotted time, though they did get it working after the fact.
Markus Gaasedelen, Nick Burnett, Patrick Biernat of Ret2 Systems, Inc. targeting Apple Safari with a macOS kernel EoP
Failure: The contestant could not get his exploit working within the time allotted.
The most important aspect of the Pwn2Own conference, which began in 2007, is that developers like Apple are notified of the exploits and have ample opportunity to patch what could otherwise be critical software flaws.
Confirmed! @mwrlabs leveraged a heap buffer underflow in the browser and an uninitialized stack variable in macOS to exploit #Safari and escape the sandbox. In doing so, they earned $55,000 and 5 Master of Pwn points. pic.twitter.com/75FRNueMWL
— Zero Day Initiative (@thezdi) March 15, 2018
The folks from @Ret2systems targeting Safari weren't able to complete their exploit in 3 attempts. While it worked on the 4th attempt, it still counts as a failure. Bugs were purchased & disclosed to Apple through our normal process. pic.twitter.com/rhGkBY06B2
— Zero Day Initiative (@thezdi) March 15, 2018