“White-hat hackers at a security conference in Vancouver have found two zero-day Safari exploits, one of which allowed them to escalate their privileges to the point that they were able to completely take over the Mac,” Ben Lovejoy writes for 9to5Mac.
“The first exploit managed to escape the sandbox, a protection macOS uses to ensure that apps only have access to their own data, and any system data permitted by Apple,” Lovejoy writes. “The second got rather further, gaining both root and kernel access to the Mac.”
“The event was hosted by Trend Micro under the branding of its Zero Day Initiative (ZDI). The program was created to encourage hackers to privately report vulnerabilities to the companies concerned rather than sell them to bad actors. ZDI does this by offering financial rewards and kudos,” Lovejoy writes. “As per its usual practice, ZDI will not release detailed information on the exploits until Apple has confirmed that it has fixed them in a macOS update.”
Read more in the full article here.
blockquote>MacDailyNews Take: </strongKudos to Trend Micro and its Zero Day Initiative for heloping to make Apple’s platforms even more sercure!