The Pwn2Own 2021 event is promoted by the Zero Day Initiative as a way to encourage developers and researchers to report zero-day vulnerabilities to the affected companies instead of selling these breaches to malicious hackers. This year, systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser.
For those unfamiliar with the term, a zero-day exploit is basically a newly discovered vulnerability for which the fix is still unknown to the developers.
Dates managed to use an integer overflow to get kernel-level code execution through Safari for Mac, which means that the exploit leads to full access to the rest of the computer. The confirmation was shared on Twitter with a short GIF showing the exploit in action.
Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code execution. He wins $100K plus 10 Master of Pwn points to start the competition off right!
Although the event was not focused on Apple products, the Safari exploit was indeed unknown, so Dates won $100,000 for his discovery. Last month, it was revealed how a group of hackers had been using compromised websites to infect iOS devices. Learning about these security breaches from the right people allows Apple to quickly patch these exploits with software updates.
On a related note, security researchers also showed at the Pwn2Own event an exploit found in the popular video conferencing service Zoom, which also leads to hackers gaining full access to the computer.
More details about other security breaches discovered by researchers at the Pwn2Own event can be found on the Zero Day Initiative’s official website.