Security researcher earns $100K prize for Safari exploit at Pwn2Own 2021

in Mac Software
A security researcher participating in the Pwn2Own hacking contest earned $100,000 for finding a one-click exploit in Apple's Safari browser.

Credit: Apple
Credit: Apple

The 2021 Pwn2Own content kicked off on April 6. On the first day, RET2 Systems researcher Jack Dates found a vulnerability in Apple's browser, according to the Zero Day Initiative, which hosts the content.

As demonstrated in a tweet, Dates used an integer overflow and an out-of-bounds write to achieve kernel-level code execution. The researcher won a $100,000 prize and 10 points in the competition.

Congratulations Jack! Landing a 1-click Apple Safari to Kernel Zero-day at #Pwn2Own 2021 on behalf of RET2:

-- RET2 Systems (@ret2systems)

The Zero Day Initiative hosts the Pwn2Own competition annually, inviting security researchers from across the globe to seek out vulnerabilities in major operating systems and platforms. Other targets in the 2021 competition include Zoom, Google Chrome, and Microsoft Edge.

We're still confirming the details of the #Zoom exploit with Daan and Thijs, but here's a better gif of the bug in action. #Pwn2Own #PopCalc

-- Zero Day Initiative (@thezdi)

Although Apple products are not typically the most popular target at Pwn2Own, this isn't the first time researchers have discovered flaws in Safari during the event. Similar vulnerabilities were discovered at the 2018 and 2019 events.


Sign In or Register to comment.