Security researchers uncover two zero-day vulnerabilities in Apple’s Safari

Security researchers competing at the annual Pwn2own conference have discoveredtwo zero-day vulnerabilities in Apple’s Safari. Two teams successfully exploited the bugs they found to achieve root access to macOS, while a third attempt failed, reports 9to5Mac.

Chaitin Security Research Lab chained together an exploit that took advantage of six bugs to escalate their access to root on macOS, winning a $35,000 prize. Samuel Grob and Niklas Baumstark won $28,000 for exploiting five bugs to display a message on the Touch Bar of a 2016 MacBook Pro. Full details of both exploits will be provided to Apple so that the bugs can be fixed before they are made public, notes 9to5Mac.