Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017

Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017

Posted by · 6719 views · Translate
Security researchers demonstrated multiple hacks of macOS on the first day of Pwn2Own 2017, including one that left a special message on the new MacBook's TouchBar.

Zero Day Initiative details the successful hacks of the day:

Samuel Groß (@5aelo) and Niklas Baumstark (_niklasb) targeting Apple Safari with an escalation to root on macOS
● PARTIAL SUCCESS: In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS
● SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) successfuly exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusions bugs in the browser, and an a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.

ZDI is offering more than $1,000,000 across different categories to see the latest research and will again crown a Master of Pwn at the end of three days.

This year's event features 11 teams of contestants targeting products across four categories - 30 different attempts in total. Each contestant has three attempts within their allotted timeslot to demonstrate the exploit.

Read More


Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017
Recent