Vancouver, British Columbia is hosting the sixteenth annual CanSecWest security conference, in which, a Pwn2Own hacking contest for computers discovered vulnerabilities in Apple desktop's Safari web browser and OS X.
To people who are not familiar with the event, it is organized every year after 2007. The word "PWN" represents the word hack, while own means to earn, and collectively it means "you must hack so as to win the contest."
According to Mac Rumors, Jung Hoon Lee earned $60,000 on day 1 of the event after he exploited both OS X and Safari. The four vulnerabilities discovered earned him the cash prize and 10 Master of Pwn points. He discovered one flaw in Apple's Safari and 3 within the OS X operating system of Apple. The security firm Trend Micro commented that the vulnerabilities exposed by Jung Hoon Lee made him gain access to root privileges. These included use after free in Apple Safari and a heap overflow escape to root, being one of the three OS X vulnerabilities.
Also, the researchers from Tencent Security Team Shield group earned an award of $40,000 in prize money for execution of access code that successfully gave them root privileges to access Safari. Five teams earned a total of $282,500 in prize money, with $282,500 being the highest prize earned by 360Vulcan Team. Google Chrome, Adobe Flash and Microsoft Edge on Windows were the other targeted browsers and plugins.
The security lags discovered during the contest are made available to the representatives of the affected parties. By doing so, they can patch their products for vulnerabilities and improve them further. It has been known that Apple has attended the past events.
With day 1 exposing these vulnerabilities, the excitement for day 2 gets intense as more attempts to exploit will be done by the researchers attending the contest.