As hackers hide behind increasingly sophisticated techniques, technology service companies need more support to counter them, including from outside their own offices. For this reason, various programs have been set up to encourage developers to discover vulnerabilities before they fall into the wrong hands and affect millions of users.
As part of these initiatives, the developer Jack Dates recently participated in the Pwn2Own 2021 program, promoted by Zero Day Initiative. Dates managed to find a zero-day bug in Apple’s Safari.
Discovered in the Apple just-in-time exploit
According to a note from 9to5Mac, Dates used an integer overflow to get kernel-level code execution through Safari for Mac, which means that the exploit leads to full access to the rest of the computer. The confirmation was shared on Twitter along with a small GIF showing the feat in action.
Congratulations Jack! Landing an Apple Safari in 1 click to the Zero-day kernel at #Pwn2Own2021 on behalf of RET2: https://t.co/cfbwT1IdAt pic.twitter.com/etE4MFmtqs
– RET2 Systems (@ret2systems) April 6, 2021
While the event didn’t focus on Apple products, the Safari flaw was previously unknown, so Dates won $100,000 for his discovery. Last month it was revealed how a group of hackers were using compromised websites to infect iOS devices. Having these security holes reported to the right people allows Apple to quickly fix the vulnerabilities with software updates.
In addition to the finding that benefits Apple, security researchers at the same event also showed a bug found in the popular Zoom video conferencing service, which likewise lets hackers gain full access to users’ computers.