Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017

MacRumors

macrumors bot
Original poster
Apr 12, 2001
50,046
11,317



The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.


In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.
Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two begins today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.

Article Link: Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017
 

maflynn

Moderator
Staff member
May 3, 2009
67,072
34,163
Boston
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
 

FreeAngel

macrumors newbie
Mar 9, 2017
24
15



The seventeenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, where researchers are competing in the 10th anniversary Pwn2Own computer hacking contest for over $1 million in prizes.

Day one results have already been published over at the Zero Day Initiative website, with a couple of successful Mac-related exploits already appearing in the list of achievements. Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.


Later in the day, Chaitin Security Research Lab also targeted Safari with an escalation to root on macOS, finding success using a total of six bugs in their exploit chain, including "an info disclosure in Safari, four type confusion bugs in the browser, and a UAF in WindowServer". The combined efforts earned the team $35,000.

The participating teams earned a total of $233,000 in prizes on day one, including a leading $105,000 earned by Tencent Security, according to published details. Other software successfully targeted by contestants include Adobe Reader, Ubuntu Desktop, and Microsoft Edge on Windows.

Apple representatives have attended the Pwn2Own contest in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two began today at 8:30 a.m. Pacific and will involve additional exploit attempts against macOS and Safari.

Article Link: Researchers Uncover macOS and Safari Exploits at Pwn2Own 2017
[doublepost=1489662568][/doublepost]I Hope Apple fixes all these Flaws that are Found ASAP?
I use OS X or MACOS because I it is suppose to be more secure than Windows
In Todays World of Hacking A secure Operating System that just works is the only thing important to me
PS APPLE. Please work on better memory management and Disk Full Protection in MacOS too.
Please no more Beach Balls and put in a safety net to prevent the OS unbootable due to Start Up Disk Is Full
 

69Mustang

macrumors 604
Jan 7, 2014
7,540
14,285
In between a rock and a hard place
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
 

maflynn

Moderator
Staff member
May 3, 2009
67,072
34,163
Boston
Reading more into it. This is a yearly event. Every year they expose vulnerabilities in every OS. They provide each vendor with the vulnerability so it can be patched.
I've seen this before, and no OS goes unscathed, though it seems that Safari, and even OS X tended to fall early on in the contest. I don't know if this was the case this year or not.
 

JGRE

macrumors 65816
Oct 10, 2011
1,012
664
Dutch Mountains
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?

This is good and bad at the same time. Bad because vulnerabilities exist; good because hackers are pointing out this vulnerabilities so programmers they can fix them.

I think the big IT companies (but also companies depending on IT like banks) should sponsor more money for prices in order to get software more secure.

Without prices, hackers will sell the research on the black market and then it will be used against us.
 

NT1440

macrumors G5
May 18, 2008
12,400
15,597
So if I'm reading this right, OS X has vulnerabilities in which hackers shown off an ability to exploit.

Seems kind of disturbing to me, or am I reading more into it then I ought too?
It's a yearly competition, and the entire point is to find, disclose, and get these types of exploits closed. Note that they almost always spend months pre-planning (so avoid those "____ hacked in 30 seconds!" clickbait headlines) and it takes several combined exploits to get the results they want....as well as hands on with the computer.
 

69Mustang

macrumors 604
Jan 7, 2014
7,540
14,285
In between a rock and a hard place
This is good and bad at the same time. Bad because vulnerabilities exist; good because hackers are pointing out this vulnerabilities so programmers they can fix them.

I think the big IT companies (but also companies depending on IT like banks) should sponsor more money for prices in order to get software more secure.

Without prices, hackers will sell the research on the black market and then it will be used against us.
It is a good thing but vulnerabilities will always exist because programmers are human and we aren't infallible. You're right that more money should be poured into bounty programs. If vendors don't pay, the dark side definitely will.
 

JGRE

macrumors 65816
Oct 10, 2011
1,012
664
Dutch Mountains
[doublepost=1489662568][/doublepost]I Hope Apple fixes all these Flaws that are Found ASAP?
I use OS X or MACOS because I it is suppose to be more secure than Windows
In Todays World of Hacking A secure Operating System that just works is the only thing important to me
PS APPLE. Please work on better memory management and Disk Full Protection in MacOS too.
Please no more Beach Balls and put in a safety net to prevent the OS unbootable due to Start Up Disk Is Full

There is security and security. macOS is way better when it come to viruses. Which makes a less sensitive to remote hacking. I think at these contest, Hackers have direct access to the machine they are trying to hack, still the Unix base of macOS should be better, but not yet perfect.
 

TheRealTVGuy

macrumors 6502a
Jul 21, 2010
664
1,036
Orlando, FL
I wish these guys and the bored kids in Russia would figure out how to infect the entire server network (and backups) for Experian, TransUnion, Equifax, etc.

THAT would be fun AND beneficial to everyone!!

Who's ready to buy a house without having to answer about be missed payment from six and a half years ago? Anybody? Hello?
 

jaymie1983

macrumors member
Nov 16, 2007
44
46
Earth
It's amazing how much faith and reliance we put into computers , with little to no idea how fragile the whole thing really is
 

twinlight

macrumors 6502a
Sep 4, 2016
611
453
These are sometimes quite ingenious ways they exploit systems but hardly surprising.

As a rule; Does it execute code, read data, use memory or barely exists it's possible to exploit.
 

pat500000

Suspended
Jun 3, 2015
8,523
7,513
Probably on touch bar menu: "press this if you want me to take you cc info. Press this happy face if you want me to download your safari data...."
 

2457244

macrumors regular
Jul 20, 2015
238
139
Independent hackers Samuel Groß and Niklas Baumstark landed a partial success and earned $28,000 after targeting Safari with an escalation to root on macOS, which allowed them to scroll a message on a MacBook Pro Touch Bar.

Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
 

NT1440

macrumors G5
May 18, 2008
12,400
15,597
Haha they get 28.000 for that? I've seen developers create stuff like this and called it an app or feature. ;) :rolleyes: o_O

You gotta love the Touch Bar folks. They look so pretty, don't they. Even my sister can get dates now.
You know developers that are using safari to gain access to the touchbar display?....not really buying it.
 

coolfactor

macrumors 601
Jul 29, 2002
4,743
4,925
Vancouver, BC
Researchers Uncover macOS and Safari Exploits

Headline strikes me as odd.

"uncover exploits" - ?

An exploit is taking advantage of a vulnerability. A better title would be:

Researchers Exploit Vulnerabilities in macOS and Safari
[doublepost=1489675776][/doublepost]
You know developers that are using safari to gain access to the touchbar display?....not really buying it.

Privileged access to the Touch Bar is likely managed through an application, rather than directly on a system-wide basis, hence them demonstrating that the Touch Bar can be compromised through a Safari vulnerability.
 

MrGuder

macrumors 68030
Nov 30, 2012
2,890
1,880
Since the TB is here to stay, this will get patched very quickly. Apple doesn't want negative press on new TB.
 

NMBob

macrumors 65816
Sep 18, 2007
1,221
971
New Mexico
Apple representatives have attended the Pwn2Own contest in the past?? That's interesting. If it were my company I'd want someone at EVERY ONE of these kinds of contests.
 

NT1440

macrumors G5
May 18, 2008
12,400
15,597
[doublepost=1489675776][/doublepost]

Privileged access to the Touch Bar is likely managed through an application, rather than directly on a system-wide basis, hence them demonstrating that the Touch Bar can be compromised through a Safari vulnerability.
I know that, which is why I'm asking that poster who the developers are he knows that "create stuff like this and called it an app or feature". It's totally nonsensical.
 

lkrupp

macrumors 65816
Jul 24, 2004
1,061
1,635
I've seen this before, and no OS goes unscathed, though it seems that Safari, and even OS X tended to fall early on in the contest. I don't know if this was the case this year or not.

That’s simply not the case. macOS and Safari hacks get the most reward money and are the big dogs in the hunt for prize money. You simply don’t hear about other OSs and browsers getting taken down because that news doesn’t generate interest. That a staff member of an Apple centric forum doesn’t know that I find disturbing.
 

macs4nw

macrumors 601
It's amazing how much faith and reliance we put into computers , with little to no idea how fragile the whole thing really is
And we must wake up from that false sense of security. After all the other huge problems we face as a species, solar CMEs or Coronal Mass Ejections, is what we should prepare for most urgently. One massive outburst, which we are supposedly due for, and it could be curtains for our civilization as we currently know it.

We could potentially be back to the stone age, as much of our silicon is vulnerable and could be rendered crippled. In the extreme it could mean no more functioning government, emergency services, hospitals, food production, etc. Back to anarchy, every man for himself and survival of the fittest, which won't be very long without food and potable water. One alarming estimate I read predicted the perishing of 90% of the population within 6-9 months.

Can we imagine a world without computers, even for 6 mos to a year? Truly a scenario too horrific to contemplate, but the good news is we can prepare for it by protecting and shielding essential computing equipment, and such preparations can't come soon enough.
 
  • Like
Reactions: jaymie1983
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.