Researchers find two zero-day vulnerabilities in Safari at Pwn2Own

During the Pwn2Own competition in Vancouver, security researchers found two zero-day vulnerabilities in Apple’s Safari browser. With one they managed to escape from the sandbox and with the other they were able to take over an entire system.

‘s team Fluoroacetate used an integer overflow vulnerability in combination with a heap overflow to crack Safari and get out of the protected sandbox environment. Because they used brute force techniques, it took quite a long time to carry out the attack, organizer Trend Micro writes. The demonstration earned the team $55,000 and five points for the Pwn2Own competition.

Team phoenhex & qwerty caused a JIT bug and twice used a heap out-of-bounds-read action to gain root access and a time-of-check-time-of-use bug made the step to the kernel made. With that, the team managed to take over an entire system via the browser attack. Apple was already aware of one of the techniques used, but the team was still able to continue with $ 45,000 and four points.

The remaining demonstrations of the first day of Pwn2Own successfully attacked Oracle VirtualBox and VMWare Workstation. A total of $240,000 was paid out. On Friday, the participants try to exploit leaks in car systems. Pwn2Own is part of Trend Micro’s Zero Day Initiative to uncover unseen vulnerabilities. The aim is to reward researchers for this and inform the manufacturers, instead of trading the vulnerabilities for use by the highest bidder.