May 14, 2024 at 11:59AM
Apple released security updates to address the CVE-2024-27834 zero-day vulnerability in Safari. The flaw was exploited during Pwn2Own Vancouver, earning the discoverer $60,000. The update is available for macOS Monterey and macOS Ventura, with instructions to update Safari separately from the operating system. Pwn2Own Vancouver 2024 resulted in $1,132,500 in rewards for exploiting and reporting 29 zero-days.
Key takeaways from the meeting notes:
– Apple released security updates to address a zero-day vulnerability in the Safari web browser that was exploited during the Pwn2Own Vancouver hacking competition.
– The vulnerability, tracked as CVE-2024-27834, was addressed on systems running macOS Monterey and macOS Ventura with improved checks.
– The vulnerability was reported by security researcher, Manfred Paul, and was chained with an integer underflow bug to gain remote code execution during the hacking competition, earning $60,000.
– Pointer Authentication codes (PACs) are used on the arm64e architecture to detect and guard against unexpected changes to pointers in memory.
– Safari 17.5 is available for iOS 17.5, iPadOS 17.5, macOS Sonoma 14.5, and visionOS 1.2, and users of macOS Ventura or macOS Monterey can update Safari without updating macOS through the system settings.
– Security researchers collected $1,132,500 after reporting 29 zero-days at Pwn2Own Vancouver 2024, with Manfred Paul emerging as the winner and earning $202,500 in cash for exploits against various web browsers.
– Google and Mozilla fixed the zero-days exploited at Pwn2Own Vancouver 2024 within days after the contest ended.
Let me know if you need further information or if there’s anything else I can assist you with.