
Safari targeted in two more exploits at the Pwn2Own security conference

As the annual Pwn2Own conference continues today, Safari remains a common target among security researchers. Following the exploits we reported on earlier today, day two of the conference brought more news for Apple…

First, according to results posted to Trend Micro’s Zero Day Initiative website this evening, Georgi Geshev, Alex Plaskett, and Fabi Beterke of MWR Labs used two vulnerabilities to exploit Safari and ultimately escape the sandbox. This means the exploit would theoretically be able to gain access beyond the permissions granted to Safari.

The MWR Labs team ultimately earned $55,000 and 5 Master of Pwn points.

MWR Labs – Alex Plaskett, Georgi Geshev, Fabi Beterke, targeting Apple Safari with a sandbox escape

Success: The team used two vulnerabilities to exploit Safari and escape the sandbox. They earned themselves $55,000 and 5 Master of Pwn points.

In a separate session, Nick Burnett, Markus Gaasedelen, and Patrick Biernat of Ret2 Systems targeted Safari with a macOS kernel elevation of privilege vulnerability. The team was ultimately unable to complete their exploit during their allotted time, though they did get it working after the fact.

Markus Gaasedelen, Nick Burnett, Patrick Biernat of Ret2 Systems, Inc. targeting Apple Safari with a macOS kernel EoP

Failure: The contestant could not get his exploit working within the time allotted.

The most important aspect of the Pwn2Own conference, which began in 2007, is that developers like Apple are notified of the exploits and have ample opportunity to patch what could otherwise be critical software flaws.



Author

Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.
