Safari exploit successfully demonstrated at Pwn2Own 2018
Trend Micro's Zero Day Initiative kicked off its annual Pwn2Own hacking competition on Wednesday with two attempts to exploit Apple's Safari web browser, one of which was successful.
Samuel GroÃ of phoenhex hacked Safari with a three bug chain containing a macOS elevation of privilege vulnerability, according to the convention's blog.
A press release provided additional detail, saying the exploit modified text on a MacBook Pro's touchbar. GroÃ received $65,000 for his efforts and six points toward the coveted Master of Pwn title.
A separate Safari exploit was attempted by Richard Zhu, who bypassed iPhone 7 security protocols using two Safari bugs at the Mobile Pwn2Own event in November. At Pwn2Own 2018, Zhu was unable to get his sandbox escape up and running within the allotted 30 minute time limit.
Zhu did, however, successfully target Microsoft Edge with a Windows kernel EoP, specifically two use after free (UAF) vulnerabilities and an integer overflow in the kernel.
GroÃ's phoenhex teammate Niklas Baumstark also saw partial success in a bug targeting Oracle VirtualBox.
Started in 2007, Pwn2Own is an annual hacking contest that encourages security researchers to find, share and demonstrate zero-day vulnerabilities impacting a range of modern software and hardware. Those successful get to keep the hacked device — hence "pwn to own" — receive a cash prize and, if they rack up enough points, a "masters" jacket, while vendors are given information about vulnerabilities and a chance to patch them.
This year, ZDI partnered with Microsoft and sponsor VMWare to offer $2 million in cash and prizes to hackers targeting virtualization, web browsers, enterprise applications, servers and a special Windows Insider Preview Challenge. Five contestants were selected at random take part in the two-day competition, which covers two of the target categories.
Day two of Pwn2Own commences on Thursday and will include two more attempts at Safari, including a macOS kernel EoP exploit and a sandbox escape.