apple: Researchers receive $ 100,000 for finding bugs in Apple’s Safari browser

The Pwn2Own The 2021 event is where software enthusiasts and developers are invited to find and repair zero-day vulnerabilities (newly discovered bugs or bugs that were previously not noticed without known fixes) in the programs and software of leading companies Report. If they are found, the companies will reward them. It’s basically an official ‘chop‘Competition. In one such incident, researcher Jack Dates received 100,000 rupees for discovering a zero-day exploit in Apple‘s safari Web browser. He used “an integer overflow in Safari and an OOB write to run some kernel code”.
The news was shared on Twitter.
“Confirmed! Jack Dates of RET2 Systems used an integer overflow in Safari and an OOB Write to get the kernel code executed. He wins $ 100K plus 10 Master of Pwn points to get the competition off to a good start!”

The Pwn2Own event isn’t just for Apple products, although locating a bug in a web browser from the tech giant is of great concern as Safari, as part of the Apple ecosystem, is usually considered safe from malicious cyberattacks and comes pre-installed on the computer iPhone, iPad and the MacBooks. With a zero-day vulnerability in Safari, we hope that Apple will respond quickly and fix it with an update.
During the event, some researchers found an exploit using the Zoom video calling app, which could potentially give hackers access to the entire computer system. Team Viettel, another group of researchers, looked for vulnerabilities in Windows 10 and used an integer overflow to escalate from a regular user to SYSTEM permissions in the “Local Permissions Escalation” category. They received $ 40,000 for their successful attempt.

.

Leave a Reply