Two Safari Exploits Demonstrated at Pwn2Own Vancouver 2019, One Resulted in Complete System Compromise [Video]
Posted March 21, 2019 at 5:14pm by Shalom Levytam
Two groups of hackers demonstrated zero-day exploits of Apple's Safari web browser at Pwn2Own Vancouver 2019 yesterday, with one of the exploits leading to a complete system compromise.
The Fluoroacetate team, consisting of Amat Cama and Richard Zhu, successfully exploited the browser and escaped the sandbox by using an integer overflow in the browser and a heap overflow. The attempt took nearly the entire allowed time because they used a brute force technique during the sandbox escape: the code would fail, then try again until it succeeded. The demonstration earned them $55,000 USD and 5 points towards Master of Pwn.
Ending the day, the phoenhex & qwerty team (@_niklasb, @qwertyoruiopz and @bkth_) targeted Apple Safari with a kernel elevation. Browsing to a website, the team triggered a JIT bug followed by a heap out-of-bounds (OOB) read – used twice – then pivoted from root to kernel via a Time-of-Check-Time-of-Use (TOCTOU) bug. Despite achieving complete system compromise, it was only a partial win since Apple already knows about one of the bugs used. They earned $45,000 USD and 4 points towards Master of Pwn.
Take a look at the video below for more of the day's results...




