Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017

Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017

Posted by · 8162 views · Translate
Security researchers demonstrated multiple hacks of macOS on the first day of Pwn2Own 2017, including one that left a special message on the new MacBook's TouchBar.

Zero Day Initiative details the successful hacks of the day:

Samuel Groß (@5aelo) and Niklas Baumstark (_niklasb) targeting Apple Safari with an escalation to root on macOS
● PARTIAL SUCCESS: In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS
● SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) successfuly exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusions bugs in the browser, and an a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.

ZDI is offering more than $1,000,000 across different categories to see the latest research and will again crown a Master of Pwn at the end of three days.

This year's event features 11 teams of contestants targeting products across four categories - 30 different attempts in total. Each contestant has three attempts within their allotted timeslot to demonstrate the exploit.

Read More


Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017
odedo1 - March 28, 2017 at 5:43am
No wonder I returned mine which I couldn't wait for new MBP but it just sucked I can't say anything good about the new Dangle Pro, all they had to do is use a touch screen instead of the stupid touch strip which forces you to take your eyes off the screen and leave at least one regular USB so we could connect the iphone or iPad to iTunes, battery life suck, no extra Ram so I'm back to my 3 years old MBP which is actually more powerful then the joke of the new pre, oh yes they forgot to be brave and kept the headphones plug, like I said a joke, even the Apple logo don't light up, someone really messed up and it wasn't Steve because he wouldn't have let Apple get so greedy and forget their loyal customers.
Recent