Safari and macOS did not have a very good day yesterday, after hackers present at Pwn2Own demonstrated exploits for the two Apple products. for macOS, several vulnerabilities have been demonstrated that allow the exploitation of the operating system, implemented in all Macs currently sold by Apple.
Using a Safari exploit, two hackers won $28.000 for gaining root access to macOS and displaying a message in the Touch Bar of a MacBook Pro. Separately, other hackers also exploited Safari to gain root access in macOS, with no less than 6 exploits being demonstrated, the team earning $35.000.
Those who exploited Safari won $67.000 of the total of $233.000 offered as prizes to hackers who demonstrated various exploits yesterday at Pwn2Own. Adobe Reader, Ubuntu Desktop and Microsoft Edge for Windows were also exploited, so it's not just Apple that has security problems.
As every year, representatives of the Apple company are present at Pwn2Own, and each company is informed about the vulnerabilities used in order to be able to close them.
"In a partial win, Samuel Groß and Niklas Baumstark earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.”
