
Two critical zero-day Safari vulnerabilities exposed at Vancouver security conference


Two major Safari security flaws were uncovered at this week's Pwn2Own conference in Vancouver, one of which could let an attacker seize full control of a targeted Mac.

Demonstrated by the "phoenhex & qwerty" team during the contest, the biggest vulnerability involves a website triggering a JIT bug and two heap out-of-bounds reads, then a time-of-check to time-of-use (TOCTOU) bug to move from root access to the kernel. Though Apple is reportedly aware of one of the bugs used, the team won $45,000 for their efforts.

Another team, "Fluoroacetate," took home $55,000 for finding a way of escaping macOS sandboxing via a Safari integer overflow and a heap overflow. The hack did, however, take nearly all of the team's allotted time, since at one point it relied on a brute-force technique, meaning it had to fail repeatedly before succeeding.

Along with cash prizes, which totalled $240,000 on the first day alone, teams also receive the notebooks the exploits are demonstrated on, as well as "Master of Pwn" points for the overall competition.

Pwn2Own Vancouver is being hosted by Trend Micro's Zero Day Initiative. The program offers financial incentives to white-hat hackers after validating their efforts, with increasing payouts if they remain loyal.

The competition and incentives are meant to encourage hackers and researchers to warn developers and companies about security issues in a responsible manner, instead of selling the exploits to black-hat hackers. While the issues could net higher rewards if sold to bad actors, that would also leave software vulnerable to attack until the issue was discovered and disclosed by others.

While this primarily benefits Trend Micro's security products, it also notifies vendors like Apple, ideally improving overall platform security. Full details on the new Safari flaws won't be made public until Apple has issued a patch, which, depending on the flaw and disclosure requirements, could take months.

Apple products are regularly cracked at Pwn2Own, as are Microsoft's and third-party browsers. Two other Safari exploits were uncovered at 2018's edition of the conference, for example.



26 Comments

racerhomie3 7 Years · 1264 comments

This is excellent. Good job security guys. Thanks for making all Apple platforms better.

22july2013 11 Years · 3736 comments

Is there any way to tell if these exploits have ever been used in the wild?

maciekskontakt 15 Years · 1168 comments

What's Safari? Who uses that? It was good 10 years ago, but now it is Chrome or Firefox only.

elijahg 18 Years · 2842 comments

What's Safari? Who uses that? It was good 10 years ago, but now it is Chrome or Firefox only.

I use it probably more than any other app on my Macs, and it is great. Faster than FF and Chrome - also without the tracking features, it syncs well with my other Macs and iPhone. Oh and supports handoff. Plus uses much less RAM than Chrome especially. Lots of people seem to be moving away from Chrome back to FF actually.