Pwn2Own 2017: in another year of the competition, hackers find vulnerabilities in Safari and macOS

The conference CanSecWest 2017, which is taking place in Vancouver from March 15 to 17, started its activities yesterday and the competition between hackers in Pwn2Own already managed to show some situations not very favorable for Apple.

The results of the first day of competition, published in the Zero Day Initiative, revealed success in hacking attempts both on Safari and on the new MacBook Pro with Touch Bar.

Pwn2Own 2017 MacBook Pro Touch Bar

Independent hackers Samuel Gro and Niklas Baumstark snapped up $ 28,000 by securing a ‚Äúpartial win‚ÄĚ from a Safari vulnerability by accessing the root macOS and earning extra points for leaving a message on the Touch Bar of a MacBook Pro (image above).

Towards the end of the day, the Chaitin Security Research Lab also aimed at Safari to gain access root macOS, making $ 35,000 after taking advantage of six vulnerabilities on Ma’s browser, including an information access loophole, four errors "Type confusion" and one of use-after-free (UAF) on the WindowServer.

As in other years, Apple representatives were present to ensure that possible threats to their operating systems and browsers can be known and then corrected. Other vulnerabilities were also found in Adobe Reader, the Microsoft Edge browser, Windows itself and Ubuntu.

The competition will continue and, in addition to the recognition and fun, this year hackers can win more than $ 1 million in total that incentive never too much, right?

(via MacRumors)