Security Researchers Hack macOS, Leave Message on TouchBar at Pwn2Own 2017
Posted March 16, 2017 at 5:10pm by iClarified
Security researchers demonstrated multiple hacks of macOS on the first day of Pwn2Own 2017, including one that left a special message on the new MacBook's TouchBar.
Zero Day Initiative details the successful hacks of the day:
Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) targeting Apple Safari with an escalation to root on macOS ● PARTIAL SUCCESS: In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.
Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS ● SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) successfully exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusion bugs in the browser, and a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.
ZDI is offering more than $1,000,000 across different categories to see the latest research and will again crown a Master of Pwn at the end of three days.
This year's event features 11 teams of contestants targeting products across four categories - 30 different attempts in total. Each contestant has three attempts within their allotted timeslot to demonstrate the exploit.
No wonder I returned mine, which I couldn't wait for, new MBP, but it just sucked. I can't say anything good about the new Dangle Pro. All they had to do is use a touch screen instead of the stupid touch strip, which forces you to take your eyes off the screen, and leave at least one regular USB so we could connect the iPhone or iPad to iTunes. Battery life sucks, no extra RAM, so I'm back to my 3 years old MBP, which is actually more powerful than the joke of the new pre. Oh yes, they forgot to be brave and kept the headphones plug. Like I said, a joke, even the Apple logo doesn't light up. Someone really messed up and it wasn't Steve, because he wouldn't have let Apple get so greedy and forget their loyal customers.