Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iPhone 7 wi-fi, Safari 'zero-day' exploits leveraged in pwn2own hacker's contest

Apple's iPhone 7 security was bypassed by a trio of hackers at the Mobile Pwn2Own event, with a wi-fi exploit, a system service bug, and two Safari bugs used to escalate privileges and run arbitrary code on the device.

The Tencent Keen Security Lab was the successful party in two of the three events at the conference, with Richard Zhu using two bugs in Safari on the iPhone 7 to escape the sandbox. At present, the attack techniques have not been verified by the Pwn2Own orchestrators.

Contest rules note that all of the devices subject to penetration will be running the latest version of their respective operating systems with all available patches installed. It is not clear at this time what specific version of iOS was installed on the iPhone 7. Tuesday's release of iOS 11.1 patched out the KRACK vulnerability, which in theory could have been used for the Wi-Fi exploit.

Once the research presented is confirmed to be a true 0-day exploit, Pwn2Own immediately discloses the vulnerability to the vendor, who is given 90 days to release a fix before the organization publishes a "limited advisory" about the method. Representatives from Apple, Google, and Huawei were all available at the conference and able to ask questions of the researchers if needed.

A bug in the Samsung Internet Browser was demonstrated at the event. Keen Security Lab also used a stack overflow attack on the Huawei Mate9 Pro to bypass code execution limitations.

Pwn2Own is a computer hacking contest that had its inaugural event in 2007, and has been held annually since. The first contest was generated in response to frustration with Apple's lack of response to the "Month of Apple Bugs" and the "Month of Kernel Bugs," events, as well as Apple's commercials at the time that lampooned Windows security.

Winners of the contest receive the device that they exploited, a cash prize, and a "Masters" jacket celebrating the year of their win.

The latest Mobile Pwn2Own was held during the PacSec conference, at Aoyama St. Grace Cathedral in Tokyo, Japan.



7 Comments

lkrupp 19 Years · 10521 comments

If anything this contest shows how complicated and tough software development is. Personal computers have been around for over forty years now and the software running on them is still full of holes. To me it also points out how ridiculous people are when they say things like “Don’t they test this stuff before releasing it?” Well, yes, THEY do test but it’s never good enough. Holes always remain. Take a look at the macOS 10.13.1 security document release. There are dozens of patches for security issues that we’ve never heard of nor will ever encounter. Pwn2Own gets a lot of press every year but the unsung heroes are the security researchers who sit at their desks every day slogging through code looking for problems, developing and testing exploits, dutifully reporting what they find to Apple, Microsoft, Google, et al.

krawall 12 Years · 164 comments

lkrupp said: Pwn2Own gets a lot of press every year but the unsung heroes are the security researchers who sit at their desks every day slogging through code looking for problems, developing and testing exploits, dutifully reporting what they find to Apple, Microsoft, Google, et al.

I do agree.

Yet, still, you have some folks that have to make a living and will only do so by monetary imbursement so I think this is still a great way to patch holes and give out some money to the ones that find those holes. Running arbitrary code, I honestly did not think this was possible on this time and date of iOS development ...

cgWerks 8 Years · 2947 comments

krawall said:
lkrupp said: Pwn2Own gets a lot of press every year but the unsung heroes are the security researchers who sit at their desks every day slogging through code looking for problems, developing and testing exploits, dutifully reporting what they find to Apple, Microsoft, Google, et al.
I do agree.

Yet, still, you have some folks that have to make a living and will only do so by monetary imbursement so I think this is still a great way to patch holes and give out some money to the ones that find those holes. Running arbitrary code, I honestly did not think this was possible on this time and date of iOS development ...

Yes, any who have the integrity to go through any of these channels vs probably making a ton more money selling it to criminals/3-letter-orgs.

airnerd 13 Years · 688 comments

I love hearing about things like this.  No corporate group-think going on here, just people with a motivation to ferret out flaws and then reporting the flaws to the vendor so they can fix them.  It's like free QA for all of us.  

DavidAlGregory 8 Years · 214 comments

I would personally prefer Apple spend more time on security and less time on "features" like emoji, animoji, fireworks on Messaging, etc.