“The eighteenth annual CanSecWest security conference is underway in downtown Vancouver, Canada, where researchers are competing in the 11th Pwn2Own computer hacking contest for over $2 million in prize,” Tim Hardwick reports for MacRumors.
“Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements,” Hardwick reports. “Samuel Groß of phoenhex returned to Pwn2Own to successfully hack Apple’s desktop Safari browser. Groß used a JIT optimization bug in Safari, a macOS logic bug, and a kernel overwrite to execute code to successfully exploit the browser, earning himself $65,000 and six points towards Master of Pwn. The exploit also caused a text-based message to appear on a MacBook Pro’s Touch Bar.”
Hardwick reports, “Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest so that they can be patched in future software updates.”
Read more in the full article here.
MacDailyNews Take: Anything that even further hardens Apple software security is a Good Thing™!