Jack Dates, the security specialist at RET2 Systems, received a $100,000 award for discovering a new vulnerability in the Apple Safari browser. Zero-day exploit detected at Pwn2Own event 2021.
A zero-day exploit is a recently discovered vulnerability that is still unknown to developers. Dates managed to achieve kernel-level code execution via Safari through integer overflow. Thus, he was able to gain full access to the entire computer.
This is not the only major vulnerability at the event. Developers Daan Keuper and Thijs Alkemade found a chain of three errors in the Zoom video conferencing service; It allows them to perform the necessary tasks in a foreign system. In this case, it requires no participation of the victim. The developers received an award of $200 thousand for two.
As noted by Macrumors, Pwn2Own 2021 participants received a total of $1.2 million in rewards. The event allows developers to fix the discovered vulnerabilities within 90 days.