MacBook Pro’s Touch Bar is ‘pwned’ by ethical hackers
Via Safari browser exploits – but this is no bad thing
The Touch Bar for Apple’s latest MacBook Pro is supposed to enable users to be more productive with supported apps, although the latest discovery relating to the OLED strip isn’t quite so helpful – it has been cracked to flash up a message of the perpetrator’s choosing.
This happened during the Pwn2Own hacking event at the CanSecWest security conference in Vancouver, where two hackers, Samuel Groß and Niklas Baumstark, leveraged a number of logic bugs to exploit Apple’s Safari browser and grab root access on a MacBook Pro (running macOS) – topping that off by displaying a message on the laptop’s Touch Bar.
As you can see above, the enterprising pair inserted the following text into the bar: “pwned by niklasb and saelo.”
- Chow down on the best Ultrabook instead
Good news, everyone
While this might appear to be a worrying development on the face of things, it’s actually good news. That’s because Pwn2Own gathers together top-notch hackers and offers them prizes for uncovering vulnerabilities, the idea being that these exploits can then be fixed pronto.
In other words, Apple will be provided with the details of the exploits, in order to be able to patch over these holes. Thus none of us will ever be affected by these issues (hopefully).
The hackers’ effort was described as a ‘partial success’ and earned them a cool $28,000 (around £23,000, AU$36,000).
The event organizers wrote: “In a partial win, Samuel Groß and Niklas Baumstark earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS.”
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Another team at the event – the Chaitin Security Research Lab – also exploited the Safari browser to gain root access on macOS, using an exploit chain of no less than six bugs. This netted them $35,000 (around £28,000, AU$45,000).
White hat hackers, as the ethical guys who are hunting for exploits to fix are called, don’t do badly on the earnings front at these sort of events, that’s for sure.
Via: Digital Trends
Image Credit: Niklas Baumstark
- Thinking of buying a MacBook Pro? These are the best deals out there
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).