Jack Dates found an exploit in Safari which won him US$100,000 along with 10 Master of Pwn points at Pwn2Own 2021.
Pwn2Own 2021
Pwn2Own is one of the biggest computer security competitions and it’s held twice a year at the CanSec West security conference. Hackers are challenged to find vulnerabilities in widely used software and mobile devices.
Trend Micro’s Zero Day Initiative announce that Jack Dates from RET2 Systems won a prize for Safari:
Mr. Dates used an integer overflow through Safari to gain kernel-level access on a Mac. The kernel is the lowest level of an operating system that has complete control over everything, making this a serious hack in the hands of someone malicious.
An integer overflow means storing a bigger number than what that particular memory space supports. These can then lead to a buffer overflow, which is considered the number one most dangerous error in a system. When a program receives too much data, the leftover data can corrupt nearby memory space. This makes the program either report an error or act in ways the creator didn’t expect.