The Touch Bar for Apple’s latest MacBook Pro is supposed to enable users to be more productive with supported apps, although the latest discovery relating to the OLED strip isn’t quite so helpful – it has been cracked to flash up a message of the perpetrator’s choosing.
This happened during the Pwn2Own hacking event at the CanSecWest security conference in Vancouver, where two hackers, Samuel Groß and Niklas Baumstark, leveraged a number of logic bugs to exploit Apple’s Safari browser and grab root access on a MacBook Pro (running macOS) – topping that off by displaying a message on the laptop’s Touch Bar.
The enterprising pair inserted the following text into the bar: “pwned by niklasb and saelo.”
Good news, everyone
While this might appear to be a worrying development on the face of things, it’s actually good news. That’s because Pwn2Own gathers together top-notch hackers and offers them prizes for uncovering vulnerabilities, the idea being that these exploits can then be fixed pronto.
In other words, Apple will be provided with the details of the exploits, in order to be able to patch over these holes. Thus none of us will ever be affected by these issues (hopefully).
The hackers’ effort was described as a ‘partial success’ and earned them a cool $28,000 (around £23,000, AU$36,000).
The event organizers wrote: “In a partial win, Samuel Groß and Niklas Baumstark earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS.”
Another team at the event – the Chaitin Security Research Lab – also exploited the Safari browser to gain root access on macOS, using an exploit chain of no fewer than six bugs. This netted them $35,000 (around £28,000, AU$45,000).
White hat hackers, as the ethical guys who hunt for exploits so they can be fixed are called, don’t do badly on the earnings front at these sorts of events, that’s for sure.