Multiple exploits for OS X and Safari revealed during Pwn2Own 2016

Pwn2Own 2016 is under way in Vancouver, Canada, and many hackers and computer security researchers from around the world are attending, either to demonstrate software vulnerabilities or to hear presentations from the invited speakers.

During the first day of presentations, a computer security researcher named JungHoon Lee won $60,000 after successfully exploiting OS X and Safari using 4 vulnerabilities: three targeting the operating system and only one targeting Apple's browser.

JungHoon Lee demonstrated how he obtained root access to the OS X operating system through Safari and executed unsigned code, something that should normally be impossible if Apple had completely secured the software it offers to users.

Separately, the Tencent Security Team Shield group gained root access to OS X through Safari using two separate vulnerabilities, one in the Safari browser and one in a process with administrator privileges, earning 40,000 dollars for the success.

JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.

In total, 5 teams demonstrated vulnerabilities on the first day of Pwn2Own and collected no less than 282,500 dollars for their work, with 132,500 dollars of that amount going to the 360Vulcan team alone.