Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Network Security / Major Browsers Hacked at Pwn2Own
Chrome, Firefox, Explorer, Safari All Hacked at Pwn2Own Contest
Chrome, Firefox, Explorer, Safari All Hacked at Pwn2Own Contest
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Information security researchers who took part in the recent Pwn2Own hacking contest walked away with more than $500,000 in award money after finding vulnerabilities in every major Internet browser. In addition to finding bugs in Internet Explorer 11, Mozilla Firefox, Apple Safari and Google Chrome, the contest winners also identified vulnerabilities in the Windows operating system, Adobe Reader and Adobe Flash.

Held annually during the CanSecWest security conference, the Pwn2Own contest also awards the winners with the devices they hacked. First held in 2007, this year's competition featured seven individual and group contestants who tackled a variety of Windows-based and Mac OS X-based targets over the course of two days at CanSecWest 2015 in Vancouver.

During each of the 12 challenges, researchers and research teams had 30 minutes to demonstrate exploits on the various Windows and Mac OS targets. By the end of the competition, contestants had uncovered five bugs in the Windows OS; four bugs in IE 11; three bugs each in Firefox, Reader and Flash; two bugs in Safari; and one bug in Chrome. The big winner was JungHoon Lee, who goes by the hacker handle lokihardt and broke the all-time Pwn2Own award record.

$317,500 in Day One Awards

Named for the fact that competitors must hack or "pwn" a device to win it, Pwn2Own was first organized by security consultant Dragos Ruiu because of his concerns over unaddressed Apple vulnerabilities. This year's contest was sponsored by HP's Zero Day Initiative with support from Google's Project Zero.

Researchers taking part in this year's Pwn2Own included Lee; a hacker known only as ilxu1a; and individual researchers Nicolas Joly, Mariusz Mlynski and Arnaud Lubin. A number of teams also participated jointly in several challenges.

On Wednesday, Day One of the contest, Team509 and KeenTeam earned $60,000 for exploiting a Flash bug and garnered a $25,000 bonus for leveraging a local privilege escalation. Joly was awarded $30,000 for finding another Flash vulnerability, then took another $60,000 for an Adobe Reader exploit. Working with Tencent PCMgr, KeenTeam won another $55,000 for finding an Adobe Reader bug.

Other Day One winners included Mlynski, who earned $55,000 for a Firefox exploit, and the 360Vulcan Team, which was awarded $32,500 for exploiting a vulnerability with 64-bit Microsoft Internet Explorer 11.

'Wow' Just Isn't Enough

On Day Two, Lee (lokihardt) walked away with a total of $225,000 for finding and exploiting three separate vulnerabilities: a time-of-check to time-of-use vulnerability in IE 11 (earning $65,000 in award money), a bug that affects both the stable and beta versions of Google Chrome ($110,000) and a use-after-free vulnerability in Apple Safari ($50,000).

Lee's Chrome award was not only the single largest in this year's competition, but the biggest ever in Pwn2Own history. "To put it another way, lokihardt (Lee) earned roughly $916 a second for his two-minute demonstration," wrote Dustin Childs in a post on the HP Security Research Blog. "There are times when 'Wow' just isn't enough."

In other Day Two challenges, ilxu1a earned $15,000 for exploiting a Mozilla Firefox bug and came close to launching a Google Chrome exploit before running out of time.

At the end of every Pwn2Own, all the relevant vendors are informed of the vulnerabilities identified via the Zero Day Initiatives "Chamber of Disclosures." The exploits are made public after the affected companies have issued patches for the bugs.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.