White Hats take home $850K at Pwn2Own hacking contest within 2 days

Ramish Zafar
Posted 3 years ago

At the end of the annual Pwn2Own contest this year, researchers managed to rake in a record $850,000 through zero-day exploits against all the major browsers out there. This list includes security flaws in Mozilla Firefox, Google Chrome, Internet Explorer 11 and Apple Safari. Adobe’s Flash Player and Reader were also compromised.

White Hat hackers ‘Pwn’ major Browsers and take home $850K in cash

The first day of the competition, Wednesday, belonged to the French vulnerability research firm, Vupen. The firm managed to hack Firefox, IE11, Adobe Reader and Flash Player, all in the same day, to rack up a cool $300,000. “We’ve pwnd Adobe Reader XI with a heap overflow + PDF sandbox escape (without relying on a kernel flaw). Exploit reported to Adobe!,” Vupen tweeted. Firefox had a bad first day, with researchers Jüri Aedla and Mariusz Mlynski also being able to exploit vulnerabilities. Researchers from the French team also managed to successfully bypass Chrome’s sandbox protection.


“I think we hit it out of the park this time,” said Brian Gorenc of ZDI, the bug bounty program that is part of HP’s TippingPoint division. “We gave the contestants 30 minutes each, but most of them demonstrated their exploits within minutes, all within five minutes, and then used the remaining time to go to the disclosure room where vendors waited.” The vulnerabilities detected are reported immediately to the vendors, who then move towards patching.

A more worrying compromise perhaps occurred on Thursday. Researchers Sebastian Apelt and Andreas Schmidt managed remote code execution through Microsoft Internet Explorer. The browser-based exploit chained two use-after-free vulnerabilities and a Windows kernel bug to open Windows Calculator. The browser had already been compromised on the first day of the competition. The next target on the researchers’ list was Apple’s Safari. The browser fell when researcher Liang Chen of the Chinese Keen Team managed remote code execution by combining a heap overflow vulnerability with a sandbox bypass.
