March 13th, 2014, 21:39 PM
Firefox, Safari And Internet Explorer Are All Broken At Pwn2Own
A whopping $400,000 has already been given out at the Pwn2Own hacking contest this week, with three of the world’s most popular browsers exploited by participants.
France-based exploit merchant Vupen walked away with most of the day one prize money, winning $300,000 for showing off exploits of Adobe Flash, Reader, Internet Explorer and Mozilla Firefox.
The Adobe and Firefox breaches allowed for code execution, whilst the IE hack resulted in a sandbox bypass, both of which criminal hackers often aim to achieve.
Google showed off a “very impressive” hack of Apple Safari running on Mac OS X, whilst a handful of vulnerabilities were used in attacks on Firefox by two other researchers, Pwn2Own organisers said.
Indeed, Mozilla will have to get patching, as one flaw allowed for privilege escalation within the browser and another could have been used to bypass browser security measures.
Researchers from the HP Zero Day Initiative also presented a multi-stage exploit, including a sandbox bypass, against Internet Explorer. The ZDI and Google teams gave their prize money of $82,500 to the Canadian Red Cross.
“All vulnerabilities were disclosed to their respective vendors in the Chamber of Disclosures, and each will be working to address those issues through their own processes,” organisers said.