A safety researcher collaborating within the Pwn2Own hacking contest earned $100,000 for locating a one-click exploit in Apple’s Safari browser.
The 2021 Pwn2Own content material kicked off on April 6. On the primary day, RET2 Techniques researcher Jack Dates discovered a vulnerability in Apple’s browser, according to the Zero Day Initiative, which hosts the content material.
As demonstrated in a tweet, Dates used an integer overflow and an out-of-bounds write to realize kernel-level code execution. The researcher received a $100,000 prize and 10 factors within the competitors.
The Zero Day Initiative hosts the Pwn2Own competitors yearly, inviting safety researchers from throughout the globe to hunt out vulnerabilities in main working methods and platforms. Different targets within the 2021 competitors embrace Zoom, Google Chrome, and Microsoft Edge.
Though Apple merchandise should not usually the most well-liked goal at Pwn2Own, this is not the primary time researchers have found flaws in Safari throughout the occasion. Related vulnerabilities had been found on the 2018 and 2019 occasions.