iPhone 7 wi-fi, Safari 'zero-day' exploits leveraged in pwn2own hacker's contest
Apple's iPhone 7 security was bypassed by a trio of hackers at the Mobile Pwn2Own event, with a wi-fi exploit, a system service bug, and two Safari bugs used to escalate privileges and run arbitrary code on the device.
The Tencent Keen Security Lab was the successful party in two of the three events at the conference, with Richard Zhu using two bugs in Safari on the iPhone 7 to escape the sandbox. At present, the attack techniques have not been verified by the Pwn2Own orchestrators.
Contest rules note that all of the devices subject to penetration will be running the latest version of their respective operating systems with all available patches installed. It is not clear at this time what specific version of iOS was installed on the iPhone 7. Tuesday's release of iOS 11.1 patched out the KRACK vulnerability, which in theory could have been used for the Wi-Fi exploit.
Once the research presented is confirmed to be a true 0-day exploit, Pwn2Own immediately discloses the vulnerability to the vendor, who is given 90 days to release a fix before the organization publishes a "limited advisory" about the method. Representatives from Apple, Google, and Huawei were all available at the conference and able to ask questions of the researchers if needed.
A bug in the Samsung Internet Browser was demonstrated at the event. Keen Security Lab also used a stack overflow attack on the Huawei Mate9 Pro to bypass code execution limitations.
Pwn2Own is a computer hacking contest that had its inaugural event in 2007, and has been held annually since. The first contest was generated in response to frustration with Apple's lack of response to the "Month of Apple Bugs" and the "Month of Kernel Bugs," events, as well as Apple's commercials at the time that lampooned Windows security.
Winners of the contest receive the device that they exploited, a cash prize, and a "Masters" jacket celebrating the year of their win.
The latest Mobile Pwn2Own was held during the PacSec conference, at Aoyama St. Grace Cathedral in Tokyo, Japan.
The Tencent Keen Security Lab was the successful party in two of the three events at the conference, with Richard Zhu using two bugs in Safari on the iPhone 7 to escape the sandbox. At present, the attack techniques have not been verified by the Pwn2Own orchestrators.
Contest rules note that all of the devices subject to penetration will be running the latest version of their respective operating systems with all available patches installed. It is not clear at this time what specific version of iOS was installed on the iPhone 7. Tuesday's release of iOS 11.1 patched out the KRACK vulnerability, which in theory could have been used for the Wi-Fi exploit.
Once the research presented is confirmed to be a true 0-day exploit, Pwn2Own immediately discloses the vulnerability to the vendor, who is given 90 days to release a fix before the organization publishes a "limited advisory" about the method. Representatives from Apple, Google, and Huawei were all available at the conference and able to ask questions of the researchers if needed.
A bug in the Samsung Internet Browser was demonstrated at the event. Keen Security Lab also used a stack overflow attack on the Huawei Mate9 Pro to bypass code execution limitations.
Pwn2Own is a computer hacking contest that had its inaugural event in 2007, and has been held annually since. The first contest was generated in response to frustration with Apple's lack of response to the "Month of Apple Bugs" and the "Month of Kernel Bugs," events, as well as Apple's commercials at the time that lampooned Windows security.
Winners of the contest receive the device that they exploited, a cash prize, and a "Masters" jacket celebrating the year of their win.
The latest Mobile Pwn2Own was held during the PacSec conference, at Aoyama St. Grace Cathedral in Tokyo, Japan.
Comments
Yet, still, you have some folks that have to make a living and will only do so by monetary imbursement so I think this is still a great way to patch holes and give out some money to the ones that find those holes. Running arbitrary code, I honestly did not think this was possible on this time and date of iOS development ...