Posted on 03/18/2016 2:08:19 AM PDT by Swordmaker
The sixteenth annual CanSecWest security conference is underway in downtown Vancouver, British Columbia, and researchers participating in the Pwn2Own computer hacking contest have already discovered multiple vulnerabilities in OS X and the Safari web browser on the desktop.
On day one of the event, independent security researcher JungHoon Lee earned $60,000 after exploiting both OS X and Safari. Lee uncovered four vulnerabilities in total, including one exploit in Safari and three other vulnerabilities within the OS X operating system, according to security firm Trend Micro.
JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.
Meanwhile, the report claims that the Tencent Security Team Shield group successfully executed code that enabled them to gain root privileges to Safari using "two use-after-free vulnerabilities," including one in Safari and the other in a "privileged process." The researchers were awarded $40,000 in prize money.
The five participating teams earned a total of $282,500 in prizes on day one, including a leading $132,500 earned by the 360Vulcan Team, according to the report. Other web browsers and plugins that were successfully targeted include Adobe Flash, Google Chrome, and Microsoft Edge on Windows.
Day one at Pwn2Own YouTube video
Apple representatives have attended Pwn2Own in the past, and affected parties are made aware of all security vulnerabilities discovered during the contest in order to patch them. Pwn2Own day two began today at 9:00 a.m. Pacific and will involve additional exploit attempts against OS X and Safari.
These vulnerabilities and exploits represent months of work for the hackers who demonstrate them and are not the effort of just a few minutes at the conference. The code used and flaws will be disclosed to the publishers responsible so the flaws can be quickly closed before publication.
Just another “overnight success”....
That's the responsible way for a hacker to do it. Kudos, not only on their months of research work, but also on their ethics.
And of course, where are the testing criteria listed? What specific devices are being “hacked”? What is turned on or off in the built-in and default security settings? Are the hackers given direct access to the devices?
I’m all about security - but some of these “tests” in the past really were more about social engineering (like so many Windows-based exploits) than actual flaws.
Inquiring minds want to know...
I find it interesting, after viewing the linked video, how many participants were using Apple hardware...
The attacks on Apple OS X all involved Safari and two or three other vulnerabilities running in either Safari plug-ins or OS X. Details of those are not released and will not be until patches are released. However, it means you are right. The White Hat hacker directs the moderator to navigate to a prepared website, then either download and run a prepared file, or click on a script invoking a plug-in which causes the vulnerability that allows the watching hacker to move in on the now vulnerable Mac. They are, essentially, proof of concept Trojans. #1 required a Safari flaw plus THREE other vulnerabilities in three other apps running simultaneously to achieve root.
The odds of any one particular user having all four of those running are probably pretty small. Safari usage itself is about 80%, then the plug-in might be only 5-10%, so that's 4 to 8%, then of those the next app that may be running in the background may be 50%, to be generous, so we are down to 2 to 4%, and even if the third factor is 25%, the risk factor is 0.5% to 1%. Now add in the requirement to hit the correct website with the malicious file to download or script, and you are looking at perhaps one in 10,000 at most. This is why when you look at the statistics for OS X hacks the infection numbers are usually listed as fewer than 100 machines exploited!
Could it be dangerous? You bet. Should it be patched? Of course. It will probably be done very rapidly for Safari.
The Mac is the one platform they can buy that allows them to do development work on OS X, Windows in all versions, iOS, Android, and various flavors of Linux. . . and test all of them against each other.