Home
Laptops
Laptops News
Safari Exploits Demonstrated at Pwn2Own 2018; Chrome Remote Desktop Bug Discovered on macOS

Safari Exploits Demonstrated at Pwn2Own 2018; Chrome Remote Desktop Bug Discovered on macOS v6o3g

By Jagmeet Singh | Updated: 16 March 2018 18:42 IST

Highlights

A Safari vulnerability has been discovered at Pwn2Own 2018
The vulnerability gives access to the MacBook Pro's Touch Bar
Chrome Remote Desktop extension also found to have a bug for Mac machines

ment

A security researcher has discovered a macOS kernel. It was demonstrated at Pwn2Own 2018 that is underway in Vancouver, Canada. Two other Safari security vulnerabilities also showcased at the annual ethical hacking conference. 2c3b1q

Samuel Groß of ethical hacker group Phoenhex reached the Pwn2Own conference on its day one to show the vulnerability targeting Apple's Safari browser with a macOS kernel EoP. He used a combination of a JIT optimisation bug in the browser alongside a macOS logic bug to escape the default sandbox and a kernel overwrite to execute his code with a kernel extension to gain the backdoor access, as described in a blog post on the Zero Day Initiative site. Through this workaround, he was able to type a message on the Touch Bar of the MacBook Pro.

Notably, this wasn't the first time when Groß successfully exploited the Safari vulnerability to use Touch Bar as a message screen. He showed this loophole last year as well. However, this time, he earned $65,000 (approximately Rs. 42 lakhs).

On the day two of the Pwn2Own conference, Georgi Geshev, Alex Plaskett, and Fabi Beterke of MWR Labs demonstrated two vulnerabilities to exploit Safari and eventually escape the sandbox. The team utilised a heap buffer underflow in the browser and an uninitialised stack variable in macOS to overcome the sandbox protection and gain code execution. This helps the researchers earn $55,000 (roughly Rs. 36 lakhs).

Similarly, Nick Nick Burnett, Markus Gaasedelen, and Patrick Biernat of Ret2 Systems targeted the Safari browser with a macOS kernel exploit. The team wasn't able to complete its demonstration during the allotted time, albeit it successfully showed the exploit and disclosed the vulnerability to Apple, which is a standard part of the conference.

Alongside the vulnerabilities surfaced at the Pwn2Own conference, researchers' group Checkpoint Research separately claimed that it has discovered a bug in the Mac version of the Google Chrome Remote Desktop extension that allows guest s to use an active session of an or other s without requiring the . "What is expected to happen is that the local that connects remotely to a macOS machine will receive the desktop of a ‘Guest’. But while this is what appears in the remote machine, the local machine (the Chrome extension) receives the desktop of the other active session, which in this case is an on the system, without ever entering the ," the Check Point Research team writes on its site while explaining the flaw.

Check Point Research reported the bug to Google last month, but the search giant refused to fix the bug by stating that the " screen is not a security boundary". Therefore, s can retain security on their macOS devices simply by deleting the Chrome Remote Desktop extension.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.