Pwn2Own 2018 Begins as Hackers Target Safari, Firefox and Edge – Rewards Go up to $2,000,000!


Zero Day Initiative's Pwn2Own contest has begun, which means we are going to see some interesting exploits coming our way. Apparently, a few researchers had to withdraw after yesterday's Patch Tuesday brought fixes to a number of security issues - nearly 75 from Microsoft.

This year's contest has researchers targeting five categories:

Safari Falls Again as Hackers Continue to Target Apple’s Browser [Firefox Goes Down Too]

  • Virtualization
  • Web browsers
  • Enterprise applications
  • Servers
  • Windows Insider Preview Challenge category

This is the first time that ZDI has partnered with Microsoft with VMware as a sponsor. With their support, the contest is offering up to $2,000,000 in cash and prizes.

"We’re happy to have both Microsoft and VMware as partners and sponsors for the contest," Brian Gorenc, director of the Zero Day Initiative said in a statement to Wccftech. "These partnerships help us reach a greater audience and hopefully provide better security for everyone in this software."

As the day has just begun, so far, only one researcher has tried their luck with Apple Safari but they were unable to target Apple's browser in the time limit set by ZDI. Browser exploits get hackers up to $70,000.

Here's the complete schedule and the names of researchers who are going to try targeting various browsers at this year's Pwn2Own (complete details available here):

Day One - March 14, 2018

1000 (Pacific Time) – Richard Zhu (fluorescence) targeting Apple Safari with a sandbox escape
Failure: The contestant could not get his exploit against working within the time allotted.

1200 – Richard Zhu (fluorescence) targeting Microsoft Edge with a Windows kernel EoP

1400 – Niklas Baumstark (_niklasb) from the phoenhex team targeting Oracle VirtualBox

1600 – Samuel Groß (saelo) of phoenhex targeting Apple Safari with a macOS kernel EoP

Day Two – March 15, 2018

1000 – Richard Zhu (fluorescence) targeting Mozilla Firefox with a Windows kernel EoP

1200 – Markus Gaasedelen, Nick Burnett, Patrick Biernat of Ret2 Systems, Inc. targeting Apple Safari with a macOS kernel EoP

1400 – MWR Labs - Alex Plaskett (AlaxJPlaskett), Georgi Geshev (munmap), Fabi Beterke (pwnfl4k3s) targeting Apple Safari with a sandbox escape