The news was shared on Twitter.
“Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code execution. He wins $100K plus 10 Master of Pwn points to start the contest off right!”
Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code exec… https://t.co/K05u94RIwk
— Zero Day Initiative (@thezdi) 1617721996000
The Pwn2Own event is not solely for Apple products, though finding a fault in a web browser made by the tech giant is big as Safari, being a part of the Apple ecosystem, is usually considered safe from malicious cyber attacks and comes preinstalled on the iPhone, iPad and the MacBooks. With a zero day vulnerability found in Safari, here’s hoping Apple acts swiftly on this and patches it with an update.
During the event, some researchers found an exploit with the video calling app Zoom which hackers may use to gain access to the whole computer system. Team Viettel, another band of researchers, looked for vulnerabilities in Windows 10 and used an integer overflow to “escalate from a regular user to SYSTEM privileges” in the Local Escalation of Privilege category. They were paid $40,000 for their successful attempt.