Safari sandbox exploit demonstrated at Pwn2Own 2018

Pwn2Own just kicked off and hackers have already detected three Apple bugs so far. Here’s a quick overview of the Safari exploit discovered by Samuel Groß at this event.

Samuel Groß exploits Safari at Pwn2Own 2018

The hacker behind this Safari sandbox exploit is Samuel Groß of the famed Phoenhex Dev Team. Just like the previous year, he again utilized the MacBook Touch Bar to exploit Safari.

He also executed unsigned code using a kernel vulnerability and changed the text of the Touch Bar.

The hacker bagged $65,000 along with the MacBook that he used to demonstrate the exploit.

Prior to Samuel Groß’s hacking attempt, famous hacker Richard Zhu aka Fluorescence also tried his hand at hacking Safari.

However, he was unable to hack Apple’s web browser in the allotted duration of 30 minutes.

After his first attempt failed, Zhu bounced back and successfully hacked the Microsoft Edge browser. He eventually ended up earning $70,000 despite failing twice in a row.

Pwn2Own 2018 Highlights

Hackers discovered three Apple bugs, two Oracle bugs, and three Microsoft bugs on the first day of the hacking competition.

Just so you know, none of these bugs will be released publicly; rather, they will be purchased by the respective device manufacturers to patch them in a future firmware update.

Here are the results of the first day of the competition.

The 2018 event offers up to a whopping $2 million worth of prizes. Microsoft is the official partner of the Zero Day Initiative while VMware is the main sponsor of the hacking event.

The Chinese hacker currently has seven “Master of Pwn” points and stands in first place.

The other two Phoenhex Team hackers, Samuel and Niklas Baumstark, trail with six and three points, respectively.

Who do you think will become the Master of Pwn 2018? Leave your comments below.
