![Two Safari Exploits Demonstrated at Pwn2Own Vancouver 2019, One Resulted in Complete System Compromise [Video]](/images/news/69997/341846/341846-64.png "Two Safari Exploits Demonstrated at Pwn2Own Vancouver 2019, One Resulted in Complete System Compromise [Video]")
Two Safari Exploits Demonstrated at Pwn2Own Vancouver 2019, One Resulted in Complete System Compromise [Video]
Posted March 21, 2019 at 5:14pm by iClarified
Two groups of hackers demonstrated zero-day exploits of Apple's Safari web browser at Pwn2Own Vancouver 2019 yesterday with one of the exploits leading to a complete system compromise.
The Fluoroacetate team, consisting of Amat Cama and Richard Zhu, successfully exploited the browser and escaped the sandbox by using an integer overflow in the browser and a heap overflow. The attempt nearly took the entire allowed time because they used a brute force technique during the sandbox escape. The code would fail then try again until it succeeded. The demonstration earned them $55,000 USD and 5 points towards Master of Pwn.
Ending the day, phoenhex & qwerty team (@_niklasb @qwertyoruiopz and @bkth_) targeting Apple Safari with a kernel elevation. Browsing to a website, the team triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug. Despite achieving complete system compromise it was only a partial win since Apple already knows about one of the bugs used. They earned $45,000 USD and 4 points towards Master of Pwn.
Take a look at the video below for more of the day's results...
The Fluoroacetate team, consisting of Amat Cama and Richard Zhu, successfully exploited the browser and escaped the sandbox by using an integer overflow in the browser and a heap overflow. The attempt nearly took the entire allowed time because they used a brute force technique during the sandbox escape. The code would fail then try again until it succeeded. The demonstration earned them $55,000 USD and 5 points towards Master of Pwn.
Ending the day, phoenhex & qwerty team (@_niklasb @qwertyoruiopz and @bkth_) targeting Apple Safari with a kernel elevation. Browsing to a website, the team triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug. Despite achieving complete system compromise it was only a partial win since Apple already knows about one of the bugs used. They earned $45,000 USD and 4 points towards Master of Pwn.
Take a look at the video below for more of the day's results...
![iPhone 16 Named World's Best-Selling Smartphone in Q3 2025 [Report]](/images/news/99295/99295/99295-160.jpg "iPhone 16 Named World's Best-Selling Smartphone in Q3 2025 [Report]")
![Apple Releases iOS 26.2 RC 2 [Download]](/images/news/99291/99291/99291-160.jpg "Apple Releases iOS 26.2 RC 2 [Download]")
![Apple Shares New 'Outrun' Ad Highlighting the Speed of Apple Pay [Video]](/images/news/99289/99289/99289-160.jpg "Apple Shares New 'Outrun' Ad Highlighting the Speed of Apple Pay [Video]")
![Apple Watch Series 11 Drops to New All-Time Low of $299 [Deal]](/images/news/99283/99283/99283-160.jpg "Apple Watch Series 11 Drops to New All-Time Low of $299 [Deal]")
![AirPods 4 With ANC Are Still On Sale for Just $99! [Lowest Price Ever]](/images/news/99264/99264/99264-160.jpg "AirPods 4 With ANC Are Still On Sale for Just $99! [Lowest Price Ever]")
![Final Cyber Monday Deals: M4 MacBook Air for $749, Beats, Sonos, and More [List]](/images/news/99203/99203/99203-160.jpg "Final Cyber Monday Deals: M4 MacBook Air for $749, Beats, Sonos, and More [List]")
![iPad mini 7 Falls to New All-Time Low of $349 [Cyber Monday 2025]](/images/news/99197/99197/99197-160.jpg "iPad mini 7 Falls to New All-Time Low of $349 [Cyber Monday 2025]")
![Apple Watch Series 11 Drops to New All-Time Low Price of $329 [Cyber Monday 2025]](/images/news/99195/99195/99195-160.jpg "Apple Watch Series 11 Drops to New All-Time Low Price of $329 [Cyber Monday 2025]")
