At a popular hackathon event where hackers, enthusiasts and developers came together to find vulnerabilities in their programs and software, Apple found a major one, awarding the hacker a $100,000 cash prize.
This discovery was a part of the Pwn2Own 2021 event — an official hacking contest where one researcher who goes by the name of Jack Dates was awarded the aforementioned amount for discovering a zero-day exploit in Apple’s Safari web browser.
Gaining access to a Mac through Safari
As announced by Zero Day Initiative on Twitter, for this discovery, Dates used an integer overflow in Safari and an OOD Write to execute a kernel code.
The execution would allow the hacker to gain full control of the Mac, as well as the files on it. This is surprising considering the vulnerability was found in an app that Apple ships pre-installed into its systems and is recommended to be safest by the company against cyber attacks.
With the vulnerability now revealed, hopefully, Apple would release a patch to fix this soon. Jack Dates was not only rewarded with a $100,000 cash prize, but he was also offered 10 Master of Pwn points.
They also found a Windows 10 vulnerability
In case you didn’t know, this event however isn’t just restricted to Apple and its services. One researcher team found major vulnerabilities in Windows 10. The discovery was made by research team Viettel who used an integer overflow to escalate from a regular user to SYSTEM privileges in the Local Escalation of Privilege category.
Basically, this vulnerability allowed a guest or a regular user to gain more access in a system, opening doors for it to be compromised. For this discovery, they were awarded $40,000.
Apart from this, researchers have been looking for vulnerabilities in Zoom, Google Chrome, and Microsoft Edge this year. The three-day event awarded winning researchers a total of $1,210,000.
