Two Critical Safari Vulnerabilities Exposed at Vancouver Security Conference
2019-03-22
Posted by 3uTools

Two major Safari security flaws were uncovered at this week's Pwn2Own conference in Vancouver, one of which could be used to seize full control of a targeted Mac.





Demonstrated by the "phoenhex & qwerty" team during the contest, the biggest vulnerability involves a website triggering a JIT bug and two heap out-of-bounds reads, then a time-of-check-time-of-use bug to move from root access to the kernel. Though Apple is reportedly aware of one of the bugs used, the team won $45,000 for their efforts.

Another team, "Fluoroacetate," took home $55,000 for finding a way of escaping macOS sandboxing via a Safari integer overflow and a heap overflow. The hack did, however, take nearly all of the team's allotted time, since at one point it relied on a brute force technique — that is, it had to fail repeatedly before succeeding.

Along with cash prizes, which totalled $240,000 in the first day alone, teams also receive the notebooks the exploits are demonstrated on, as well as "Master of Pwn" points for the overall competition. 

Pwn2Own Vancouver is being hosted by Trend Micro's Zero Day Initiative. The program offers financial incentives to white-hat hackers after validating their efforts, with increasing payouts if they remain loyal. 

The competition and incentives are meant to encourage hackers and researchers to warn developers and companies about security issues in a responsible manner, instead of selling the exploits to black-hat hackers. While the issues could net higher rewards if sold to bad actors, doing so would also leave software vulnerable to attack until the issue was discovered and disclosed by others.

While this primarily benefits Trend Micro's security products, it also notifies vendors like Apple, ideally improving overall platform security. Full details on the new Safari flaws won't be made public until Apple has issued a patch, which, depending on the flaw and disclosure requirements, could take months.

Apple products are regularly cracked at Pwn2Own, as are Microsoft's and third-party browsers. Two other Safari exploits were uncovered at 2018's edition of the conference, for example.


Source: appleinsider

