Safari for Mac was hacked with a zero-day exploit chain that reached the macOS kernel during this year's Pwn2Own hacking contest. Security researcher Jack Dates of RET2 Systems won $100,000 for successfully demonstrating the exploit.
Jack Dates chained an integer overflow in Safari for Mac with an out-of-bounds (OOB) write to get kernel code execution. The hack earned him $100,000 and 10 Master of Pwn points, the score used to rank contestants over the three-day event.
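The article names the bug class but gives no details of the Safari or kernel bug itself, so the following is a generic, constructed illustration of how an integer overflow turns into an out-of-bounds write. It is an added example, not code from RET2 Systems or from the page; the record sizes, the 64-byte buffer and the 0x40000001 count are made-up values chosen so the 32-bit product wraps. The vulnerable length check is shown beside a hardened one, and the overrun is computed rather than performed so the program is safe to run.

```c
/* Generic illustration of the integer-overflow-to-OOB-write bug class.
 * This is NOT the Safari/macOS bug from Pwn2Own 2021; the page gives no
 * details of it. Names, sizes and sample values are made up for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64u   /* hypothetical fixed-size destination buffer */

/* Vulnerable length check: the product is computed in 32 bits and wraps,
 * so a huge count can look like a tiny byte total. Returns 1 if the
 * request would be accepted (and a later copy loop would overrun). */
static int vuln_check_accepts(uint32_t count, uint32_t elem_size, uint32_t buf_cap)
{
    uint32_t total = count * elem_size;   /* wraps modulo 2^32 */
    return total <= buf_cap;
}

/* Hardened check: refuse any count whose product cannot be represented
 * in 32 bits before doing the multiplication at all. */
static int safe_check_accepts(uint32_t count, uint32_t elem_size, uint32_t buf_cap)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return 0;                         /* multiplication would overflow */
    return count * elem_size <= buf_cap;
}

/* How many bytes a copy loop of `count` elements would write past a
 * buffer of `buf_cap` bytes. Computed in 64 bits; no memory is touched. */
static uint64_t overrun_bytes(uint32_t count, uint32_t elem_size, uint32_t buf_cap)
{
    uint64_t needed = (uint64_t)count * elem_size;
    return needed > buf_cap ? needed - buf_cap : 0;
}

/* A copy that trusts the vulnerable check. main() only calls it with an
 * input the safe check also accepts, so the demo never writes OOB. */
static int copy_records(uint8_t *dst, uint32_t buf_cap,
                        const uint8_t *src, uint32_t count, uint32_t elem_size)
{
    if (!vuln_check_accepts(count, elem_size, buf_cap))
        return -1;
    /* With count = 0x40000001 and elem_size = 4 the check above passes
     * (the total wraps to 4) and this loop would write ~4 GiB past dst. */
    for (uint32_t i = 0; i < count; i++)
        memcpy(dst + (size_t)i * elem_size, src + (size_t)i * elem_size, elem_size);
    return 0;
}

int main(void)
{
    uint8_t dst[BUF_CAP];
    uint8_t src[BUF_CAP];
    memset(src, 0x41, sizeof src);        /* constructed sample payload */

    /* Benign request: 8 records of 4 bytes. Both checks accept it. */
    printf("benign: vuln=%d safe=%d\n",
           vuln_check_accepts(8, 4, BUF_CAP), safe_check_accepts(8, 4, BUF_CAP));
    copy_records(dst, BUF_CAP, src, 8, 4);

    /* Malicious request: 0x40000001 * 4 = 0x100000004, which wraps to 4. */
    uint32_t evil = 0x40000001u;
    printf("evil:   vuln=%d safe=%d would overrun by %llu bytes\n",
           vuln_check_accepts(evil, 4, BUF_CAP),
           safe_check_accepts(evil, 4, BUF_CAP),
           (unsigned long long)overrun_bytes(evil, 4, BUF_CAP));
    return 0;
}
```

The division-based guard is the portable form of the check; on GCC and Clang the same intent is usually expressed with `__builtin_mul_overflow`, which also handles the zero-element-size case without a special branch.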
Safari for Mac falls to zero-day flaw during Pwn2Own 2021
Because of the pandemic, Pwn2Own is being held virtually this year. Safari was the first browser to fall, with Jack's attempt on Tuesday, April 6. Over the three days, Microsoft Exchange Server, Microsoft Teams, Windows 10, Parallels Desktop, Ubuntu Desktop, Google Chrome, Microsoft Edge, Zoom and other targets also fell. Some of the Exchange and Teams exploits earned up to $400,000.
The event paid out $1.2 million in total, a record for Pwn2Own. Standout exploits included one against Microsoft Exchange and a zero-day Zoom exploit.
All exploits demonstrated during the event are reported to the affected vendors, who then have 90 days to fix them and release patches. The event was sponsored by VMware, with Tesla, Zoom and Adobe as partners. Of the partners' products, only Zoom's fell during the event.
With security flaws and data leaks reported constantly, events like this help get flaws found and fixed quickly. Outside of these contests, Google and Microsoft run their own security research teams that find and report vulnerabilities so other vendors can fix them. Several of the flaws Apple recently fixed in iOS and macOS were reported by Google's Project Zero team, which exists to find zero-day flaws before malicious actors do.
Check out Jack Dates' Safari exploit demo below:
Congratulations Jack! Landing a 1-click Apple Safari to Kernel Zero-day at #Pwn2Own 2021 on behalf of RET2: https://t.co/cfbwT1IdAt pic.twitter.com/etE4MFmtqs
— RET2 Systems (@ret2systems) April 6, 2021