Pwn2Own 2017 has been quite a conference. Hackers have been able to exploit macOS Sierra and gain root privileges.
Table of Contents
Hackers Exploit macOS Sierra at Pwn2Own
Even though Apple continues to bolster the security of its operating systems, there are many loopholes waiting to be exploited.
This time hackers have successfully gained root privileges thanks to Safari browser. The full details of the exploit were not made public for security reasons.
All zero-day exploits found at this conference will be reported to the respective companies.
The Pwn2Own conference is not limited to just macOS. Hackers have also hacked in other operating systems such as Microsoft and Ubuntu. Several software tools such as Adobe Acrobat and Flash have also been hacked.
This conference isn’t all fun and games, it’s serious business. Prize money of up to a million dollars is distributed to the winning teams.
There are several hackers and teams that have been rewarded for finding exploits. Samuel Groß and Niklas Baumstark won $28,000 after hacking Safari to get root access rights in macOS.
They took advantage of the method the browser used to purge its memory. Here’s a tweet by Niklas Baumstark.
First team to pwn Safari on macOS with escalation to root at #pwn2own! Was a ton of fun to pull that off with @5aelo pic.twitter.com/4G8KNXuult
— Niklas Baumstark (@_niklasb) March 15, 2017
Another team from Chaitin Security Research Lab managed to get root privileges on macOS Sierra. They were also able to hack Ubuntu using a zero-day exploit found in the Linux kernel. They bagged $35,000 prize money for this feat.
Pwn2Own competition is organized within Canadian security conference CanSecWest. Here are the full results and recap of Day 1 of Pwn2Own 2017.
More Hacks to Come
The current Pwn2Own competition is sponsored by renowned antivirus manufacturer Trend Micro. This is the third day of Pwn2Own 2017 conference so even more hacks can be expected.
Pwn2Own 2017 again proves that no system is 100% secure and it just takes a skilled hacker to exploit it.
