Pwn2Own: Vulnerabilities are found in Safari and OS X

Even though participants in the Pwn2Own having already recognized Apple's great security, they still manage to find many flaws. And this year, it was no different.

In 2016, the competition, which takes place as usual in Vancouver during CanSecWest, took place over two days (3/16 and 3/17) and resulted in several vulnerability discoveries in Ma's browser and operating system.

On the first day, independent competitor Junghoon Lee (lokihardt) managed to find a exploit on Safari and three more vulnerabilities on OS X. These discoveries earned Lee a total of $ 60,000. On the first day, another US $ 40 thousand was delivered to the group Tencent Security Team Shield for being able to obtain privileges of root from two vulnerabilities, one in Safari and the other in a “privileged process”. On the second day, it was the group Tencent Security Team Sniper which secured $ 40,000 by discovering yet another vulnerability in Safari and another in OS X.

In addition to Ma's browser and operating system, Windows and other browsers also joined the game. See below the numbers of vulnerabilities found and disclosed by Trend Micro, one of the sponsors of the event:

  • Microsoft Windows: 6
  • Apple OS X: 5
  • Adobe Flash: 4
  • Apple Safari: 3
  • Microsoft Edge: 2
  • Google Chrome: 1 (this has been previously reported)
  • TOTAL: 21

Now, we can only wait to see if Apple is willing to reduce that number next year, further improving the security of its system and browser. 😊

(via MacRumors)