Security researcher earns $100K prize for Safari exploit at Pwn2Own 2021

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

A security researcher participating in the Pwn2Own hacking contest earned $100,000 for finding a one-click exploit in Apple's Safari browser.

The 2021 Pwn2Own content kicked off on April 6. On the first day, RET2 Systems researcher Jack Dates found a vulnerability in Apple's browser, according to the Zero Day Initiative, which hosts the content.

As demonstrated in a tweet, Dates used an integer overflow and an out-of-bounds write to achieve kernel-level code execution. The researcher won a $100,000 prize and 10 points in the competition.

The Zero Day Initiative hosts the Pwn2Own competition annually, inviting security researchers from across the globe to seek out vulnerabilities in major operating systems and platforms. Other targets in the 2021 competition include Zoom, Google Chrome, and Microsoft Edge.

Although Apple products are not typically the most popular target at Pwn2Own, this isn't the first time researchers have discovered flaws in Safari during the event. Similar vulnerabilities were discovered at the 2018 and 2019 events.