Chinese Security Team Exploits Safari Security Flaw at PWN2OWN - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

Chinese Security Team Exploits Safari Security Flaw at PWN2OWN

by

safariicon.jpgEvery year for the past seven years, hackers have gathered at the annual PWN2OWN event to hack high-profile software and mobile devices using previously unknown vulnerabilities. Apple's Safari browser and iOS platform are often included in the annual contest, which also targets Internet Explorer, Chrome, Firefox, and Adobe's Flash and Reader applications. This year, Safari was taken down on day two by a team of vulnerability researchers and exploit developers from China, reports ThreatPost.

China's Keen team exploited two vulnerabilities that allowed the team to execute arbitrary code using a Safari WebKit flaw and circumvent Apple's sandbox via an OS X system-level vulnerability. Speaking about the vulnerabilities they found, the Keen team stated that Apple's OS X is difficult to exploit and the operating system overall is very secure.

"For Apple, the OS is regarded as very safe and has a very good security architecture," Keen team member Liang Chen said. "Even if you have a vulnerability, it’s very difficult to exploit. Today we demonstrated that with some advanced technology, the system is still able to be pwned. But in general, the security in OS X is higher than other operating systems."

Apple representatives attended the contest and were made aware of the security exploits used in the contest. This isn't the first time Safari has been exploited during the contest. In 2011, a team of French security researchers compromised a MacBook by remotely running code within five seconds of contacting the machine.

Top Rated Comments

N
nt5672
159 months ago
Public awareness of security flaws is the best way to ensure the security of our devices. Thank you Chinese security team.
Score: 18 Votes (Like | Disagree)
L
leman
159 months ago
The most secure OS maybe FreeBSD or Linux.
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.
Score: 9 Votes (Like | Disagree)
T
thaifood
159 months ago
I wonder if the hacker praise is real or just polite words. Hopefully, we will see a Safari update soon.

I'm sure there is professional praise. Plus it's essentially free debug testing for the companies participating.
Score: 7 Votes (Like | Disagree)
B
BigBeast
159 months ago
[...]if I understood correctly you would have to use both to really get control.

I would guess that if the second vulnerability circumvents sandboxing, that it should be the first fix. Webkit vulnerabilities are almost inevitable; that's why sandboxing exists. If sandboxing doesn't catch the threat or is bypassed, that's a greater weakness.
Score: 5 Votes (Like | Disagree)
2
2457282
159 months ago
The article also said the team felt that Safari was more secure than other platforms. I am no expert but it does look like at least one is simple to fix and if I understood correctly you would have to use both to really get control. So if they fix either it would solve the problem.

Having said all that, if this is the most secure, the others have some really big problems.
Score: 4 Votes (Like | Disagree)
I
iamkarlp
159 months ago
Which one of thousand existing Linux distributives are you talking about? Linux is not an OS, its a kernel - and this is the reason why Linux is not even considered at PWN2OWN. The kernel is usually quite secure, its the software stack on its top that has vulnerabilities.

Indeed. And with the average GUI linux install being anywhere between 3~10 GB on disk, with the kernel only making up ~100MB of that, there is a lot of software stack to go around.

Karl P
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

HomePod mini and Apple TV Sage

New Apple TV and HomePod Mini Are 'Nearly Ready' to Launch, New Siri Remote Also Rumored

Sunday May 31, 2026 8:47 am PDT by
New models of the Apple TV 4K and HomePod mini are "nearly ready to go," according to the latest word from Bloomberg's Mark Gurman. Subscribe to the MacRumors YouTube channel for more videos. Both devices have been ready "for months," but Apple is holding off on launching them until the more personalized version of Siri is available, he said. "I am told the hardware for the next Apple TV...
Read Full Article136 comments
iphone 17 pro black feature

iPhone 18 Pro's Camera Upgrade Will Cost Apple 50% More

Friday May 29, 2026 3:44 am PDT by
The iPhone 18 Pro and iPhone 18 Pro Max's all-new variable aperture lens will cost Apple 50% more than the camera unit used in current models, according to supply chain analyst Ming-Chi Kuo. Variable aperture has been one of the most persistent iPhone camera rumors of the past few years. Kuo first flagged the feature in late 2024, and it has since been corroborated by multiple reports and...
Read Full Article60 comments
iphone 18 pro color dummies

First Look at iPhone 18 Pro Color Options Revealed by Dummy Models

Friday May 29, 2026 4:50 am PDT by
Leaker Sonny Dickson today shared images of iPhone 18 Pro dummy models in the device's four rumored colors, offering the first real-world look at what to expect from the lineup visually. Corroborating previous rumors, the dummies show the iPhone 18 Pro Max in Light Blue, Black, Silver, and Dark Cherry. Dickson said "Cherry will probably be the next hit, orange did very well." Cosmic Orange...
Read Full Article152 comments

🔗 Related Apple News & Rumors

Stay updated with the latest Apple ecosystem news and verified rumors