At the annual Pwn2Own contest hackers broke into the Safari browser and the panel Bar Touch in the new MacBook Pro. Using more than 10 vulnerabilities, they got root access in the operating system macOS, earning a total of $62 000.
“Hunters of vulnerability” again gathered together to test their strength at the annual Pwn2Own hacking competition organised by the Zero Day Initiative. The first day they were able to successfully hack Microsoft Edge, Safari, Adobe Reader and the desktop version of Ubuntu. This year the prize Fund of the competition is $1 million.
The Safari browser was hacked twice. The first successful attack was carried out by a team led by researchers Samuel Gross and Niklas Baumstark. Exploit five vulnerabilities, they managed to take an arbitrary message on the Touch panel Bar new MacBook Pro.
Later Safari was hacked by the Chinese Chaitin Technology. In both cases we exploited a number of vulnerabilities that allowed the code to run as root on macOS. Team Grosso and Baumstark only got $28 000, as its attack was only partially successful. Chaitin Technology has won a $35 000.
A reward of $80 000 was received by the Tencent team for hacking Microsoft Edge, which, along with Google Chrome is the most resilient to cyber attacks due to the mechanism of the sandbox. The researchers also tried to hack Chrome, but did not manage the time.
$15 000 brought the team Chaitin attack privilege escalation in the kernel on the desktop version of Ubuntu.