Security researcher earns $100,000 for discovering Safari exploit

Safari on Mac (Image credit: iMore)

What you need to know

Security researcher Jack Dates discovered a zero-day exploit with Safari.
The researcher earned $100,000 for the discovery.
The Zero Day Initiative pays security researchers to responsibly uncover vulnerabilities.

A security researcher has earned $100,000 for discovering a Safari exploit at the Zero Day hackathon event.

As reported by MacRumors, security researcher Jack Dates discovered a Safari to kernel zero-day exploit during the event, earning Dates $100,00.

Apple products were not heavily targeted in Pwn2Own 2021, but on day one, Jack Dates from RET2 Systems executed a Safari to kernel zero-day exploit and earned himself $100,000. He used an integer overflow in Safari and an OOB write to get kernel-level code execution, as demoed in the tweet below.Other hacking attempts during the Pwn2Own event targeted Microsoft Exchange, Parallels, Windows 10, Microsoft Teams, Ubuntu, Oracle VirtualBox, Zoom, Google Chrome, and Microsoft Edge.

Congratulations Jack! Landing a 1-click Apple Safari to Kernel Zero-day at #Pwn2Own 2021 on behalf of RET2: https://t.co/cfbwT1IdAt pic.twitter.com/etE4MFmtqsCongratulations Jack! Landing a 1-click Apple Safari to Kernel Zero-day at #Pwn2Own 2021 on behalf of RET2: https://t.co/cfbwT1IdAt pic.twitter.com/etE4MFmtqs— RET2 Systems (@ret2systems) April 6, 2021 April 6, 2021

The Zero Day Initiative, as it explains on the website, encourages security researchers to find zero-day vulnerabilities by compensating them for their discoveries.

The Zero Day Initiative (ZDI) was created to encourage the reporting of 0-day vulnerabilities privately to the affected vendors by financially rewarding researchers. At the time, there was a perception by some in the information security industry that those who find vulnerabilities are malicious hackers looking to do harm. Some still feel that way. While skilled, malicious attackers do exist, they remain a small minority of the total number of people who actually discover new flaws in software.

You can check out an overview of the Zero Day Initiative below:

Joe Wituschek is a Contributor at iMore. With over ten years in the technology industry, one of them being at Apple, Joe now covers the company for the website. In addition to covering breaking news, Joe also writes editorials and reviews for a range of products. He fell in love with Apple products when he got an iPod nano for Christmas almost twenty years ago. Despite being considered a "heavy" user, he has always preferred the consumer-focused products like the MacBook Air, iPad mini, and iPhone 13 mini. He will fight to the death to keep a mini iPhone in the lineup. In his free time, Joe enjoys video games, movies, photography, running, and basically everything outdoors.

Latest in Security