Adobe Reader, Apple’s Safari get hacked in competition

Hackers competing in a live competition Wednesday successfully exploited previously unknown weaknesses in software from San Jose-based Adobe and Cupertino-based Apple.

In one case, two hackers were able to use Safari to access the Touch Bar on the new MacBook, getting it to display a custom message from them. That hack, which Apple recently patched, earned the pair $28,000.

Eleven teams are competing in the Pwn2Own contest at the CanSecWest security conference in Vancouver, Canada. It’s the 10th annual Pwn2Own, which originally started as a way for hackers at the conference to show off their own homegrown zero-day exploits — software and hardware hacks that had previously gone undiscovered. This year, organizer Trend Micro is giving out $1 million in cash prizes to winning teams.

During the first day of competition, hackers broke into Adobe Reader twice.

A team called 360 Security used a heap overflow in Reader and a Windows kernel information leak to remotely execute code to take down Reader, earning them $50,000. Later in the day, hackers working for Tencent Security used an information leak in Reader to gain system-level privileges, earning them $25,000.

Hackers Samuel Groß and Niklas Baumstark, who were behind the Touch Bar exploit, targeted Safari with three logic bugs and other weaknesses to gain access to macOS. A team from China’s Chaitin Security Research Lab broke into Safari using a chain of six bugs to gain root access to macOS, earning that team $35,000.

Several hackers tried to break into Google Chrome, but were unsuccessful. The competition continues today.

Source: http://www.bizjournals.com/sanjose/news/2017/03/16/hacking-competition-uncovers-previously-unknown.html
