The news was shared on Twitter.
“Confirmed! Jack Dates of RET2 Systems used an integer overflow in Safari and an OOB Write to get the kernel code executed. He wins $ 100K plus 10 Master of Pwn points to get the competition off to a good start!”
Approved! Jack Dates of RET2 Systems used an integer overflow in Safari and an OOB write to get the kernel code running … https://t.co/K05u94RIwk
– Zero Day Initiative (@thezdi) 1617721996000
The Pwn2Own event isn’t just for Apple products, although locating a bug in a web browser from the tech giant is of great concern as Safari, as part of the Apple ecosystem, is usually considered safe from malicious cyberattacks and comes pre-installed on the computer iPhone, iPad and the MacBooks. With a zero-day vulnerability in Safari, we hope that Apple will respond quickly and fix it with an update.
During the event, some researchers found an exploit using the Zoom video calling app, which could potentially give hackers access to the entire computer system. Team Viettel, another group of researchers, looked for vulnerabilities in Windows 10 and used an integer overflow to escalate from a regular user to SYSTEM permissions in the “Local Permissions Escalation” category. They received $ 40,000 for their successful attempt.