Security experts receive a $100,000 bonus for a Safari vulnerability at the Pwn2Own event

Every year, the Zero Day Initiative hosts the Pwn2Own hacking contest, attracting countless security researchers from around the world to compete and exchange ideas. In this event, security researchers can earn a bounty by discovering serious vulnerabilities in major platforms such as Windows and macOS.

The Pwn2Own conference in 2021 was conducted as an online live broadcast, featuring 23 independent hacking attempts across 10 different product categories, including web browsers, virtual machines, servers, and so on. This year’s Pwn2Own event ran for three days, multiple hours a day, and was broadcast live on YouTube.

At this year’s Pwn2Own, Apple products were not the main targets. However, on the first day of the conference, Jack Dates from RET2 Systems executed a zero-day exploit from Safari to the kernel and earned himself US$100,000. He used an integer overflow and an out-of-bounds (OOB) write in Safari to gain kernel-level code execution.


During the Pwn2Own event, other hackers tried to target Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome and Microsoft Edge. For example, Dutch researchers Daan Keuper and Thijs Alkemade demonstrated a serious Zoom vulnerability. The two took advantage of three vulnerabilities and used the Zoom application to gain complete control of the target PC without user interaction.

Participants of Pwn2Own received more than $1.2 million in rewards for the discovered vulnerabilities. Pwn2Own gives Apple and other vendors 90 days to fix the vulnerabilities found, so we can expect that the vulnerabilities will be resolved in an update in the near future.
