All web browsers cracked at Pwn2Own 20152015-03-23 09:52 by Daniela
Tags: Pwn2Own, hacker, browser
The annual Pwn2Own hacking contest has taken place in Vancouver. The results are: $442,000 paid for 21 critical flaws in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader.
During the event, researchers have uncovered five bugs in the Windows OS; four bugs in IE 11; three bugs each in Firefox, Reader and Flash; two bugs in Safari; and one bug in Chrome.
The big winner of the competition is the South Korean security researcher and hacker - Jung Hoon Lee, aka lokihardt. He demonstrated an exploit that took down both the stable and beta versions of Chrome, otherwise known as hard to compromise. Lee also hacked the 64-bit Internet Explorer 11 with a time-of-check to time-of-use exploit that achieved read/write privileges. He also took down Apple's Safari browser with a use-after-free exploit and a separate sandbox escape.
"With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and another $10,000 from Google for hitting the beta version for a grand total of $110,000," Pwn2Own organizers wrote in a blog post. "To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration."
Sponsored by Hewlett-Packard's Zero Day Initiative program, the Pwn2Own contest takes place every year at the CanSecWest security conference in Vancouver, Canada. Researchers are able to use any unknown vulnerability to hack the software of different vendors. As a reward, they take home the hardware on which the exploit was run, as the name 'pwn to own,' suggests as well as cash prizes from the sponsors.
As the rules of Pwn2Own require, the vulnerabilities used to attack the systems are privately disclosed to the respective vendors and are kept secret until the companies release patches.
Read more -here-