Skip to main content
  1. Home
  2. Computing
  3. News

Hackers take over Touch Bar at this year’s Pwn2Own contest

Jon Martindale
By

A pair of hackers at this year’s Pwn2Own hacking contest have managed to infiltrate a MacBook Pro’s Touch Bar with a message of their own, after finding an exploit for the Safari browser. Although only considered a partial success, the hack did let them gain access to the Touch Bar, earning them $28,000 for their trouble.

The Pwn2Own security conference and competition sees many impressive exploits discovered every year and 2017 is no different. We’ve seen a number of successes (via MacRumors) that have cracked open the Linux Kernel, Adobe Reader, and Microsoft’s Edge browser. A few hacks managed to breach Apple security, too, which is what let one team post their message to the Touch Bar.

Welcome to Pwn2Own 2017

Samuel Groß and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro. While that itself granted them their monetary prize and nine points in the Pwn2Own competition, they impressed onlookers even more by adding a custom message to the Touch Bar which read: “pwned by niklasb and saelo.”

Recommended Videos

Baumstark later explained on Twitter why the hack was only considered a partial success, despite its efficacy.

@LiveOverflow @_tsuro @5aelo we had sep. exploits for 10.0.3 and 10.1. the 10.0.3 one is fixed upstream, so it counts as a duplicate

— Niklas Baumstark (@_niklasb) March 15, 2017

The contest, which is offering over a million dollars in prizes this year, has seen another group utilize an exploit in Safari to earn some points and funds for themselves. The Chaitin Security Research Lab successfully breached Safari to gain root access on MacOS. Because its goal was seen as a full, rather than a partial success, it earned $35,000 and 11 points for its trouble — though there were no props given for Touch Bar takeover in this case.

Although other teams also attempted to breach Safari with an escalation to root on MacOS, they couldn’t manage it within their allotted time.

As impressive as the first day of Pwn2Own 2017 has been though, there is still much more to come. The schedule for day two is now live and shows a lot of people and teams getting ready to try to crack open many pieces of commercial software, including the MacOS. We’ll no doubt learn more about their efforts when the results are posted later today.

Thanks to Trend Micro for sending through the header video.

Topics
Jon Martindale
Jon Martindale
Computing Coordinator
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
It’s time to stop believing these PC building myths
Hyte's Thicc Q60 all-in-one liquid cooler.

As far as hobbies go, PC hardware is neither the cheapest nor the easiest one to get into. That's precisely why you may often run into various misconceptions and myths.

These myths have been circulating for so long now that many accept them as a universal truth, even though they're anything but. Below, I'll walk you through some PC beliefs that have been debunked over and over, and, yet, are still prevalent.
Liquid cooling is high-maintenance (and scary)

Read more
AMD’s next-gen CPUs are much closer than we thought
AMD Ryzen 7 7800X3D held between fingertips.

We already knew that AMD would launch its Zen 5 CPUs this year, but recent motherboard updates hint that a release is imminent. Both MSI and Asus have released updates for their 600-series motherboards that explicitly add support for "next-generation AMD Ryzen processors," setting the stage for AMD's next-gen CPUs.

This saga started a few days ago when hardware leaker 9550pro spotted an MSI BIOS update, which they shared on X (formerly Twitter). Since then, Asus has followed suit with BIOS updates of its own featuring a new AMD Generic Encapsulated Software Architecture (AGESA) -- the firmware responsible for starting the CPU -- that brings support for next-gen CPUs (spotted by VideoCardz).

Read more
AMD Zen 5: Everything we know about AMD’s next-gen CPUs
The AMD Ryzen 5 8600G APU installed in a motherboard.

AMD Zen 5 is the next-generation Ryzen CPU architecture for Team Red and is slated for a launch sometime in 2024. We've been hearing tantalizing rumors for a while now and promises of big leaps in performance. In short, Zen 5 could be very exciting indeed.

We don't have all the details, but what we're hearing is very promising. Here's what we know about Zen 5 so far.
Zen 5 release date and availability
AMD confirmed in January 2024 that it was on track to launch Zen 5 sometime in the "second half of the year." Considering the launch of Zen 4 was in September 2022, we would expect to see Zen 5 desktop processors debut around the same timeframe, possibly with an announcement in the summer at Computex.

Read more