Researcher gets $100,000 after finding Safari exploit at Pwn2Own 2021 event

The Pwn2Own 2021 event is promoted by the Zero Day Initiative as a way to encourage developers and researchers to report zero-day vulnerabilities to the affected companies instead of selling them to malicious hackers. This year, systems researcher Jack Dates was paid $100,000 after finding a new exploit in Apple’s Safari web browser.

For those unfamiliar with the term, a zero-day exploit takes advantage of a newly discovered vulnerability for which the developers do not yet have a fix.

Dates used an integer overflow in Safari, combined with an out-of-bounds (OOB) write, to get kernel-level code execution through Safari for Mac, which means that the exploit leads to full access to the rest of the computer. The confirmation was shared on Twitter with a short GIF showing the exploit in action.

Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code execution. He wins $100K plus 10 Master of Pwn points to start the contest off right!

Although the event was not focused on Apple products, the Safari exploit was indeed unknown, so Dates won $100,000 for his discovery. Last month, it was revealed that a group of hackers had been using compromised websites to infect iOS devices. When the right people learn about these security flaws, Apple can quickly patch them with software updates.

On a related note, security researchers at the Pwn2Own event also showed an exploit in the popular video conferencing service Zoom, which likewise leads to hackers gaining full access to the computer.

More details about other vulnerabilities discovered by researchers at the Pwn2Own event can be found on the Zero Day Initiative’s official website.

Author

Filipe Espósito

Filipe Espósito is a Brazilian tech journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.