Search This Blog

Showing posts with label Safari. Show all posts

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020!


Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities.

An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days.

On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources.

Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

The team that has won several preceding editions of the hacking contest, Team Fluoroacetate, won themselves a victorious $40,000 after they employed a “local privilege escalation exploit” meant for the Windows 10.

Reports mention that one of the two members of the aforementioned team also won himself a smashing amount of $40,000 for yet another privilege escalation exploit pursuing Windows 10.

As per sources, the RedRocket CTF team got themselves a win, owing to it to one of their members, Mafred Paul, who bagged an attractive amount of $30,000 for a local privilege escalation exploit focused on Ubuntu Desktop. The hack was about the manipulation of the ‘Input validation bug’.

On Day 2, The Fluoroacetate successfully targeted the Adobe Reader with a local privilege escalation by employing a pair of UAFs, mentioned sources and grabbed an amount of $50,000.

Per reports, the Synacktiv team targeted the VMware Workstation but unfortunately to no avail in the given duration of time. There also were special demonstrations of the Zero Day Initiative against the Oracle VirtualBox.

This was the very first time the organizers allowed “conditional remote participation” in the Pwn2Own hacking contest, understandably because of the increased concerns of people about traveling due to the Coronavirus outbreak.



Users can now Use 2 Step Verification on their Chrome and Safari Browser


Google has launched a new feature for ensuring users' security. You will now be able to enroll for 2 Factor Authentication Keys from Web browsers. Google is allowing you to enroll security keys on Android and macOS devices by making it easier to register for keys. "Two-factor authentication, also called multiple-factor or multiple-step verification, is an authentication mechanism to double-check that your identity is legitimate."


When you sign in into your account it asks for a username and password, this is the first verification process. Two-factor authentication adds another security layer after this to confirm your identity. It (2FA) could be a pin, a password, a one time password, a physical device, or biometric. It should be something only you have to know. Two-factor authentication is very important as a password isn't as protective as we believe. Cyber attackers can test billions of password combinations in a second.

Two-factor authentication or two-step verification adds another layer of protection besides a password, and it is hard for cybercriminals to get this second factor and reduces their chance to succeed. Now Google is offering these 2FA authentication keys, and you can register for these on macOS devices using Safari (v. 13.0.4 and up), and Android devices running Android 7.0 “N” and up, using the Google Chrome web browser (version 70 and up). Users can register these independently or with those who have signed up for the Advanced Protection Program. It's available for all users given you're using the mentioned version of the software.

What is Security Keys? 

Security Keys are the most secure form of two-factor authentication (2FA) or two-step verification to protect against various threats like hacking and phishing. Users are provided with physical keys that they can insert into the USB port of their device, when required the user will touch the key. On Android devices, the user will have to tap the key on their NFC ( Near Field Communication) enabled device. Android users can also opt for USB and Bluetooth keys. Apple mobile users will be provided Bluetooth-enabled security keys.