Researchers Uncover Multiple OS X and Safari Exploits at Pwn2Own 2016

This is a reminder of the reason why, even though you have a Mac, you should be careful about browsing shady websites.

Every system is exploitable, even one with a good track record like OS X. Be careful where you browse. Stay up to date on updates. This is also why I'm angered by websites that force you to turn off ad blockers; ad networks are the #1 source of malware there is.

 

Ad blockers like Adblock still allow non-intrusive and non-malicious ads. If a website makes you turn off Adblock, you might have to wonder why.

I wonder if Apple could use this in their FBI case. "Um guys... you want us to create a back door, there's contests that reward people for breaking the code. Imagine if they KNEW there was a back door and they just needed to find it."

 

$60,000 for one day's work....I think I need to change jobs.

 

this is more than one day's work.

 

I hope they fix these quickly

 

Keep finding the holes and closing them guys. It's alot better that these issues are exposed and fixed than bought up and kept private (without the developers knowing).

 

While researchers tried to compromise Edge, the Edge attack was not successful (both the video and the linked article say as much: "Tencent Xuanwu Lab: Adobe Flash in Microsoft Edge: This attempt failed."). So it isn't accurate to say that it was successfully targeted.

 

What a surprise..

 

That's what Siri said

 

Is the fact this story has a screenshot of the MacRumors homepage meant to imply that MacRumors is using this exploit to gain root access to our computers?

 

Hmmm, at least it was at Pwn2own and not some shady group.

I'd like to know more details about the hacks, although that is a violation.

 

Was the FBI in attendance taking notes?

 

This is why I don't understand why Apple has allowed content blockers (apps from the App Store) to help remove ads while using safari on the iPhones but hasn't allowed the same content blockers on OS X safari.

 

They have the same content blocker system on OS X. I'm using one now.

 

More details would be interesting.

 

Wait... I though OS X is invincible and perfectly secure... According to people in this forum... The only reason they switch to Apple is Windows and Android is not secure enough... Guess they need find third platform now...

 

"Attempts to compromise Adobe Flash player were confounded when its doors were found to be completely open..."

 

I use purify for my iPhone but can't for OS X

 

I don't think it's "invincible and perfectly secure" but I think due to having less market share that it's a safer option. I think most malicious content will be targeted to the masses which would be Windows and Android as they have more users overall.

 

And 10 Master of Pwn points!!!

 

I'm very tempted to say something trollish about how SIP was supposed to make us so safe that we couldn't even do stuff as root ourselves.

 

I'm actually really thankful that there are events like this. Helps us have a safer and more secure computing experience.

 

In this second decade of the 21st Century, 'Researcher' is the new legal term for 'Hacker'.

--- Post Merged, Mar 17, 2016 ---

Yeah, you get no prize money for finding vulnerabilities in Flash!!!

 

Good work guys. The ball is in Apple's court. Patch those vullies now!