contador web Saltar al contenido

Mobile Pwn2Own 2017: Hackers exploit vulnerabilities in Safari and Wi-Fi on an iPhone 7

Earlier this year, competition participants Pwn2Own, which brings together several hackers "for good", managed to find vulnerabilities in Safari and macOS. Yesterday, at Mobile Pwn2Own 2017, everything was repeated with the iPhone 7.

The annual competition for Trend Micro took place in Tokyo, Japan, during the PacSec security conference. Participants spent the day trying to break into Ma's smartphone, as well as the Samsung Galaxy S8, O Google Pixel it's the Huawei Mate 9 Proin order to get hands on prizes that totaled more than $ 500,000.

An iPhone 7 running the latest public version of Apple's operating system, the iOS 11.1, managed to get hacked twice by Tencent Keen Security Lab. The first time, the team explored a loophole in Wi-Fi and managed to earn $ 110,000, in addition to 11 points in the "Master of Pwn"; j in the second hack, the attempt went directly to Safari, making it possible for the group to raise another $ 45,000 and 13 points.

O Tencent Keen Security Lab got a good time when it attacked Safari on the iPhone 7. It took them only a few seconds to demonstrate success in their exploration, which used only two bugs: one in the browser and the other in a system service, which allows an application to persist on a reboot.

Security researcher Richard Zhu also managed to exploit two bugs to gain access to the Safari browser and successfully run a code on the iPhone 7, earning $ 25,000 and 10 points "Master of Pwn".

Other devices, like the Galaxy S8 and Mate 9 Pro, also suffered from some loopholes and allowed participants to receive a total of $ 350,000.

This was only the first day of the 2017 edition of Mobile Pwn2Own so several other vulnerabilities can still be discovered on several systems.

Although it seems easy to discover these problems, the systems are put to the test on purpose, so that everything is properly reported to the technology companies, which then have up to 90 days to correct them.

via MacRumors