ahlam1399
03-17-2016, 11:31 PM
The sixteenth annual CanSecWest (https://cansecwest.com/) security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own (https://en.wikipedia.org/wiki/Pwn2Own) computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop.
http://cdn.macrumors.com/article-new/2016/03/MacRumors-Safari-800x554.jpg
On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and Safari. Lee uncovered four vulnerabilities in total, including one exploit in Safari and three other vulnerabilities within the OS X operating system, according to security firm Trend Micro (http://blog.trendmicro.com/pwn2own-day-1-recap/).JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.Meanwhile, the report claims that the Tencent Security Team Shield group successfully executed code that enabled them to gain root privileges to Safari using "two use-after-free vulnerabilities," including one in Safari and the other in a "privileged process." The researchers were awarded $40,000 in prize money.
The five participating teams earned a total of $282,500 in prizes on day one, including a leading $132,500 earned by the 360Vulcan Team, according to the report. Other web browsers and plugins that were successfully targeted include Adobe Flash, Google Chrome, and Microsoft Edge on *******.
Apple representatives have attended Pwn2Own in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to ***** them. Pwn2Own day two began today at 9:00 a.m. Pacific and will involve additional exploit attempts against OS X and Safari.
Tags: exploit (http://www.macrumors.com/roundup/exploit/), security (http://www.macrumors.com/roundup/security/), Safari (http://www.macrumors.com/roundup/safari/), Apple security (http://www.macrumors.com/roundup/apple-security/), OS X (http://www.macrumors.com/roundup/os-x/), Pwn2Own (http://www.macrumors.com/roundup/pwn2own/)
Discuss this article (http://forums.macrumors.com/threads/pwn2own-2016-os-x-safari-exploits.1961689/) in our forums
http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=HgdGUQe_5qQ:s1hMDP2_tzg:6W8y8wAjSf4) http://feeds.feedburner.com/~ff/MacRumors-All?d=qj6IDK7rITs (http://feeds.macrumors.com/~ff/MacRumors-All?a=HgdGUQe_5qQ:s1hMDP2_tzg:qj6IDK7rITs)
http://feeds.feedburner.com/~r/MacRumors-All/~4/HgdGUQe_5qQ
أكثر... (http://www.macrumors.com/2016/03/17/pwn2own-2016-os-x-safari-exploits/)
http://cdn.macrumors.com/article-new/2016/03/MacRumors-Safari-800x554.jpg
On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and Safari. Lee uncovered four vulnerabilities in total, including one exploit in Safari and three other vulnerabilities within the OS X operating system, according to security firm Trend Micro (http://blog.trendmicro.com/pwn2own-day-1-recap/).JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.Meanwhile, the report claims that the Tencent Security Team Shield group successfully executed code that enabled them to gain root privileges to Safari using "two use-after-free vulnerabilities," including one in Safari and the other in a "privileged process." The researchers were awarded $40,000 in prize money.
The five participating teams earned a total of $282,500 in prizes on day one, including a leading $132,500 earned by the 360Vulcan Team, according to the report. Other web browsers and plugins that were successfully targeted include Adobe Flash, Google Chrome, and Microsoft Edge on *******.
Apple representatives have attended Pwn2Own in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to ***** them. Pwn2Own day two began today at 9:00 a.m. Pacific and will involve additional exploit attempts against OS X and Safari.
Tags: exploit (http://www.macrumors.com/roundup/exploit/), security (http://www.macrumors.com/roundup/security/), Safari (http://www.macrumors.com/roundup/safari/), Apple security (http://www.macrumors.com/roundup/apple-security/), OS X (http://www.macrumors.com/roundup/os-x/), Pwn2Own (http://www.macrumors.com/roundup/pwn2own/)
Discuss this article (http://forums.macrumors.com/threads/pwn2own-2016-os-x-safari-exploits.1961689/) in our forums
http://feeds.feedburner.com/~ff/MacRumors-All?d=6W8y8wAjSf4 (http://feeds.macrumors.com/~ff/MacRumors-All?a=HgdGUQe_5qQ:s1hMDP2_tzg:6W8y8wAjSf4) http://feeds.feedburner.com/~ff/MacRumors-All?d=qj6IDK7rITs (http://feeds.macrumors.com/~ff/MacRumors-All?a=HgdGUQe_5qQ:s1hMDP2_tzg:qj6IDK7rITs)
http://feeds.feedburner.com/~r/MacRumors-All/~4/HgdGUQe_5qQ
أكثر... (http://www.macrumors.com/2016/03/17/pwn2own-2016-os-x-safari-exploits/)