Adobe Reader, Apple’s Safari get hacked in competition

Hackers competing in a live competition Wednesday successfully exploited previously unknown weaknesses in software from San Jose-based Adobe and Cupertino-based Apple.

In one case, two hackers were able to use Safari to access the Touch Bar on the new MacBook, getting it to display a custom message from them. That hack, which Apple recently patched, earned the pair $28,000.

Eleven teams are competing in the Pwn2Own contest at the CanSecWest security conference in Vancouver, Canada. It’s the 10th annual Pwn2Own, which originally started as a way for hackers at the conference to show off their own homegrown zero-day exploits — software and hardware hacks that had previously gone undiscovered. This year, organizer Trend Micro is giving out $1 million in cash prizes to winning teams.

During the first day of competition, hackers broke into Adobe Reader twice.

A team called 360 Security used a heap overflow in Reader and a Windows kernel information leak to remotely execute code to take down Reader, earning them $50,000. Later in the day, hackers working for Tencent Security used an information leak in Reader to gain system-level privileges, earning them $25,000.

Hackers Samuel Groß and Niklas Baumstark, who were behind the Touch Bar exploit, targeted Safari with three logic bugs and other weaknesses to gain access to macOS. A team from China’s Chaitin Security Research Lab broke into Safari using a chain of six bugs to gain root access to macOS, earning that team $35,000.

Several hackers tried to break into Google Chrome, but were unsuccessful. The competition continues today.

