A security researcher earned $ 100,000 to discover the exploitation of Safari at the Zero Day hackathon.
As reported by MacRumors, safety researcher Jack Dates discovered Safari for zero-day nuclear exploitation during the event, earning $ 100.00 on dates.
Apple’s products weren’t heavily targeted in Pwn2Own 2021, but on the first day, Jack Dates of RET2 Systems ran Safari to core a zero-day exploitation and earn $ 100,000. He used an integer topping in Safari and an OOB record to achieve kernel-level code execution, as shown in the tweet below.
Other hacking attempts during the Pwn2Own event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.
The Zero Day initiative, he explains on the website, encourages security researchers to find zero-day vulnerabilities by compensating them for their findings.
The Zero Days Initiative (ZDI) was created to encourage the private reporting of two-day vulnerabilities to affected suppliers by financially rewarding researchers. At the time, some in the information security industry realized that those who find vulnerabilities are malicious hackers who want to harm. Some still feel that way. Although there are skilled and malicious attackers, they remain a small minority of the total number of people who actually discover new flaws in the software.
An overview of the Zero Day initiative can be found below: