A security researcher earns a $ 100,000 reward for exploiting Safari on Pwn2Own 2021

A security researcher who competed in the Pwn2Own hacking competition earned $ 100,000 for finding exploitation with a single click in Apple’s Safari browser.

The 2021 Pwn2Own content began on April 6th. On the first day, RET2 Systems researcher Jack Dates found a vulnerability in Apple’s browser, according to Zero Day Initiative, which hosts the content.

As shown in the tweet, Dates used integer overflow and out-of-border notation to achieve kernel-level code execution. The researcher won a prize of 100,000 US dollars and 10 points in the competition.

The Zero Day initiative hosts the Pwn2Own competition every year, inviting security researchers from around the world to look for vulnerabilities in major operating systems and platforms. Other targets in the 2021 competition include Zoom, Google Chrome and Microsoft Edge.

While Apple products aren’t usually the most popular target on Pwn2Own, this isn’t the first time researchers have discovered flaws in Safari during the event. Similar vulnerabilities were discovered at the events of 2018 and 2019.