Pwn2Own 2021 contestant wins $100,000 for hacking Safari

Pwn2Own

On the televisions of our country we are used to seeing the strangest and most diverse contests. Far from the "1,2,3 answer again" and the "yellow humor" of the Japanese, today we entertain ourselves by watching blockbusters of isolated celebrities on deserted islands, or things like that.

There is an annual contest that often goes unnoticed here but has a huge following worldwide. It is called "Pwn2Own", where the most famous hackers are put to the test by making them "blow up" different systems live. One of them has earned a nice sum with a Safari exploit.

Every year, the Zero Day Initiative organizes a hacking contest called "Pwn2Own" where security researchers can earn money if they find serious vulnerabilities live on major platforms such as Windows and macOS.

This virtual event, "Pwn2Own 2021", started earlier this week and featured 23 hacking attempts spread across 10 different products, including web browsers, virtualization, servers, and more. The contest ran for several hours a day on three consecutive days and was broadcast live on YouTube.

Apple's systems were not heavily attacked in this edition of the contest, but on the first day, Jack Dates of RET2 Systems ran a Safari-to-kernel zero-day exploit and won US$100,000. He used an integer overflow in Safari and an out-of-bounds (OOB) write to get code execution at kernel level, as confirmed by the organization's tweet.

Not only did they hack Safari

Other hacking attempts during the "Pwn2Own" event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge, with varying degrees of success.

For example, the Dutch researchers Daan Keuper and Thijs Alkemade demonstrated a serious security flaw in Zoom. The duo chained a trio of flaws to gain full control of a target PC using the Zoom app without user interaction.

Pwn2Own contestants received over 1.2 million in rewards for the flaws they discovered. Pwn2Own gives vendors like Apple 90 days to produce a fix for discovered vulnerabilities, so we can expect the bug to be addressed in an upcoming update.

