Discovery of two security vulnerabilities in the Safari browser during the Pwn20wn 2018 event
It is rare, if not impossible, that software is not completely vulnerable to piracy or exploitation. That is why updates are important and why developers are rewarded for developers who discover vulnerabilities that can be exploited in hacking operations. In fact, at the Pwn20wn 2018 event recently, a number of hacking operations were introduced to the Safari browser.
During the event, security researchers who were present at the event managed to hack Safari not only once but twice. One of the exploits was discovered in 30 minutes, in 3 attempts, while the discovery of the other vulnerability took four attempts. Regardless of the number of attempts, the fact that these vulnerabilities exist is the most important thing.
One of the hackers aimed to inject the kernel with a special source code to exploit the browser, while the second vulnerability exploited some vulnerabilities in the Safari browser to escape the Sandbox. Successful researchers were awarded $ 65 thousand and $ 55 thousand, respectively. But the good news is that it was natural to attend corporate representatives, including Apple.
They were also briefed on all security vulnerabilities discovered during the competition until they were fixed in future updates. It is not clear when these updates will be issued, but we hope that these vulnerabilities are not very severe as they could have serious consequences if they are exploited on the ground.
Source
No comments