Systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser he revealed at the Pwn2Own 2021 event which the Zero Day Initiative holds to encourage white hat hackers to report zero-day vulnerabilities to the affected companies instead of selling these breaches to malicious actors.
This year, systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser.
Dates has managed to use an integer overflow to get kernel-level code execution through Safari for Mac, which means that the exploit leads to full access to the rest of the computer. The confirmation was shared on Twitter with a short GIF showing the exploit in action.
Congratulations Jack! Landing a 1-click Apple Safari to Kernel Zero-day at #Pwn2Own 2021 on behalf of RET2: https://t.co/cfbwT1IdAt pic.twitter.com/etE4MFmtqs
— RET2 Systems (@ret2systems) April 6, 2021
Although the event was not focused on Apple products, the Safari exploit was indeed unknown, so Dates won $100,000 for his discovery.
MacDailyNews Take: Congrats to Jack Dates!