Researcher gets $100,000 for finding flaw in Apple’s Safari browser


The Pwn2Own event for 2021 is under way, inviting software enthusiasts and developers to find and report zero-day vulnerabilities (newly discovered faults or bugs that haven’t been noticed before, with no known fixes) in the programs and software of leading companies. Those who find one are rewarded by the companies. It is, basically, an official ‘hacking’ contest. At the event, researcher Jack Dates got $100,000 for a zero-day exploit in Apple’s Safari web browser. He used “an integer overflow in Safari and an OOB Write to get kernel code execution.”
The news was shared on Twitter.
“Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code execution. He wins $100K plus 10 Master of Pwn points to start the contest off right!”

The Pwn2Own event is not solely for Apple products, though finding a fault in a web browser made by the tech giant is a big deal: Safari, being a part of the Apple ecosystem, is usually considered safe from malicious cyber attacks and comes preinstalled on the iPhone, iPad and MacBook. With a zero-day vulnerability found in Safari, here’s hoping Apple acts swiftly on this and patches it with an update.
During the event, some researchers found an exploit in the video-calling app Zoom which hackers may use to gain access to the whole computer system. Team Viettel, another band of researchers, looked for vulnerabilities in Windows 10 and used an integer overflow to “escalate from a regular user to SYSTEM privileges” in the Local Escalation of Privilege category. They were paid $40,000 for their successful attempt.