Chaouki Bekrar, VUPEN, demonstrating exploit on day two of Pwn2Own 2013
Pwn2Own 2014 saw record payouts for 0-day vulnerabilities, with a total of $850,000 paid out to the eight entrants, and $385,000 potential prize money unclaimed.
Firefox seemed to be the common target for this year's event, making up a third of all vulnerabilities. George Hotz, also known as Geohot: the famed hacker and cryptanalyst that developed iOS and PS3 jailbreaks, also participated and was awarded $50,000 for a Firefox exploit. However, other browsers weren't spared, and every browser had been pwned by the end of the second day of the contest.
The French security company VUPEN made up the lion's share of vulnerabilities and prize money, taking home $300,000 on the first day of the contest and a further $100,000 on day two.
The exploits presented at this year's Pwn2Own are as below.
By Team VUPEN:
- Against Adobe Flash, a use-after-free with an IE sandbox bypass resulting in code execution.
- Against Adobe Reader, a heap overflow and PDF sandbox escape, resulting in code execution.
- Against Microsoft Internet Explorer, a use-after-free causing object confusion in the broker, resulting in sandbox bypass.
- Against Mozilla Firefox, a use-after-free resulting in code execution.
- Against Google Chrome, a use-after-free affecting both Blink and WebKit along with a sandbox bypass, resulting in code execution.
By Sebastian Apelt and Andreas Schmidt:
- Against Microsoft Internet Explorer, two use-after-free bugs and a kernel bug, resulting in system calculator.
By Liang Chen of Keen Team:
- Against Apple Safari, a heap overflow along with a sandbox bypass, resulting in code execution.
By George Hotz:
- Against Mozilla Firefox, an out-of-bound read/write resulting in code execution.
By Zeguang Zhao of team509 and Liang Chen of Keen Team:
- Against Adobe Flash, a heap overflow with a sandbox bypass, resulting in code execution.
By Jüri Aedla:
- Against Mozilla Firefox, an out-of-bound read/write resulting in code execution.
By Mariusz Mlynski:
- Against Mozilla Firefox, two vulnerabilities, one allowing privilege escalation within the browser and one bypassing browser security measures.
By an anonymous participant:
- Against Google Chrome, an arbitrary read/write bug with a sandbox bypass resulting in code execution. Upon review, contest judges declared this a partial win due to one portion of the presentation’s collision with a vulnerability presented earlier at Pwnium.
A third Internet Explorer exploit was attempted on day two, but was unsuccessful in the 30 minute time-frame given for the Pwn2Own contest. ZDI analysts did however look into the submission afterwards and confirmed that it was functional, and purchased the vulnerability as part of their standard brokerage program.
Source: Pwn2Own Day 1, Day 2 | Image via Pwn2Own
31 Comments - Add comment