Apple Paid Hacker Rs 75 Lakh For Finding Security Hole In Safari Browser

At a popular hackathon event where hackers, enthusiasts and developers came together to find vulnerabilities in their programs and software, Apple found a major one, awarding the hacker a $100,000 cash prize.

Getty Images

This discovery was a part of the Pwn2Own 2021 event -- an official hacking contest where one researcher who goes by the name of Jack Dates was awarded the aforementioned amount for discovering a zero-day exploit in Apple¡¯s Safari web browser.

Also Read: Apple Fixes Three Security Bugs, 'Actively Under Attack' By Hackers

Gaining access to a Mac through Safari

As announced by Zero Day Initiative on Twitter, for this discovery, Dates used an integer overflow in Safari and an OOD Write to execute a kernel code.

Confirmed! Jack Dates from RET2 Systems used an integer overflow in Safari and an OOB Write to get kernel code execution. He wins $100K plus 10 Master of Pwn points to start the contest off right!

¡ª Zero Day Initiative (@thezdi) April 6, 2021

The execution would allow the hacker to gain full control of the Mac, as well as the files on it. This is surprising considering the vulnerability was found in an app that Apple ships pre-installed into its systems and is recommended to be safest by the company against cyber attacks.

Reuters

With the vulnerability now revealed, hopefully, Apple would release a patch to fix this soon. Jack Dates was not only rewarded with a $100,000 cash prize, but he was also offered 10 Master of Pwn points.

Also Read: Apple Is Sending Free iPhones: You Can Get One Too, If You're A Security Researcher

They also found a Windows 10 vulnerability

In case you didn¡¯t know, this event however isn¡¯t just restricted to Apple and its services. One researcher team found major vulnerabilities in Windows 10. The discovery was made by research team Viettel who used an integer overflow to escalate from a regular user to SYSTEM privileges in the Local Escalation of Privilege category.

Confirmed! Marcin finishes #Pwn2Own 2021 with a win. He used a UAF to escalate to SYSTEM on #Windows10. He earns $40,000 and four Master of Pwn points. pic.twitter.com/SPHKLH1bBE

¡ª Zero Day Initiative (@thezdi) April 8, 2021

Basically, this vulnerability allowed a guest or a regular user to gain more access in a system, opening doors for it to be compromised. For this discovery, they were awarded $40,000.

Also Read: Apple Will Give Free iPhone To Hackers For Security Research Only

Apart from this, researchers have been looking for vulnerabilities in Zoom, Google Chrome, and Microsoft Edge this year. The three-day event awarded winning researchers a total of $1,210,000.