Mar 18, 2017 01:32 PM EDT
MacBook Pro’s Touch Bar Hijacked By Pwn2Own Hackers; Exploits In Safari, Edge Confirms No OS Is Secure
The MacBook Pro with Touch Bar has been hijacked by Pwn2Own hackers during the Pwn2Own Security Conference and Competition in Vancouver. Other exploits include compromising Safari and even the heavily-guarded Edge, which aligns with the central theme of the competition that no operating system or application can be fully secured from hackers.
A team of Pwn2Own hackers was able to breach the Apple security to fully exploit Safari. This was accomplished by Samuel Groß and Niklas Baumstark by using a number of logic bugs to fully exploit Safari and took control of the MacOS on the MacBook Pro with Touch Bar. The two received $28,000 for their exploit that Baumstark revealed as only a partial success. Nonetheless, the two hackers won the crowd with its nifty message on the MacBook Pro's Touch Bar saying "pwned by niklasb and 5aelo" as posted in Groß's twitter account, Digital Trends reported.
The Pwn2Own hackers competition in Vancouver saw many impressive feats that are important to the tech community as hackers do their exploits in a safe environment. Moreover, the exploits will give developers vital information on how to further strengthen the security of their systems though Pwn2Own's organizers do not truly believe as unbreachable. The most recent exploits last Friday morning belongs to Qihoo 360 team that was able to exploit the heavily-guarded Edge, which is considered by many security experts as one of the most secure browsers to date according to Arstechnica.
The Qihoo 360 compromised Edge by escaping the Windows virtual machine it runs on or the VMWare. This was accomplished by exploiting the heap overflow bug in the Windows kernel of Edge and the uninitialized buffer vulnerability in VMWare. The team received $105,000 cash prize for their exploits amidst other notable Pwn2Own hackers' exploits from the competition organized by the Trend Micro's Zero Day Initiative Group. The contest tries to replicate how a real-world zero-day market would be and how the tech community can better prepare for it.