With Trend Micro’s Zero Day Initiative kicking off its annual Pwn2Own 2018 hacking competition yesterday, Samuel Groß of ‘phoenhex’ successfully exploited Apple’s Safari browser to win $65,000 in rewards. Just like last year, his exploit involved a MacBook Pro Touch Bar component, allowing him to leave a message on the Touch Bar after a successful exploit.
Richard Zhu, who bypassed iPhone 7 security protocols using two Safari bugs at the Mobile Pwn2Own event in November, attempted another Safari exploit but was unable to succeed within the allotted time due to a failure in the heapspray technique. He did however manage to successfully exploit Microsoft Edge with a Windows kernel EoP, earning him $70,000.
For those who aren’t familiar, Pwn2Own is an annual hacking contest that allows security researchers to find, share and demonstrate zero-day vulnerabilities impacting a range of modern software and hardware. Those successful get to keep the hacked device, hence the name “pwn to own”, in addition to receiving cash and other prizes.
The second day of Pwn2Own commences today and will include two more attempts at Safari.