Tianfu Cup is a version of the Pwn2own in which hackers from Kunlun Lab managed to secure first place by hacking iPhone 13 through a vulnerability in the Safari mobile browser.
The Chinese version of the Pwn2own hacking competition called Tianfu Cup took place from Oct. 16 to Oct. 17 in Chengdu, China.
The competition allowed teams of ethical hackers and security researchers to demonstrate their skills by exploiting zero-day vulnerabilities in popular software products and operating systems.
Some of the known targets in the competition included the following:
- Linux
- Vmware
- Windows 10
- VIVO: S9 5G
- Chrome browser
- Safari browser
- Exchange Server
- Vmware ESXi
- Vmware Workstation
- Ubuntu 20
- Adobe PDF reader
- Docker-CE
- Parallels Desktop
- ASUS Router AX56U
- Xiaomi Mi 11.
Full list of targets exploited at Tianfu Cup
Full list of targets exploited at Tianfu Cup.
The winner of the Tianfu Cup was Kunlun Lab who made the biggest dent in the pot. The team managed to secure $ 654,500 in total for several feats, including hacking iOS 15 through a vulnerability in the Safari mobile browser.
On the other hand, Pangu Team won 300,000 US dollars after breaking into an iPhone 13 Pro during this weekend’s Tianfu Cup.
The team has been known for jailbreaking mobile phones since 2014. This time they managed to crack the security of a brand new top model with iOS 15.
Although technical details of the exploit are scarce at the moment, it will be the first time that someone has publicly demonstrated a successful remote attack on the iPhone 13 since its release on Friday, September 24.
Teams and prize money they won at Tianfu Cup.
As part of the challenge, participants had to circumvent the Pointer Authentication Code (PAC), a security mechanism (in practice a cryptographic signature of pointer values) that Apple has introduced at the chip level.
In total, prizes were awarded for 1.88 million dollars, which is equivalent to just over £1.37 million. Since iPhone 13 is one of the most expensive smartphones in the market at the moment, it is expected that Apple will be contacted by security researchers about the vulnerabilities identified during Tianfu Cup.
Therefore, expect more iOS 15 security updates in the coming weeks.
Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.
Credit: Source link
