On day two (March 15, 2018), Richard Zhu made a comeback by hacking the Firefox browser, using an out-of-bounds read vulnerability and an integer overflow in the Windows kernel to execute his code with elevated privileges.

For hacking Firefox, Zhu received $50,000 in prize money as well as the Master of Pwn award. In total, Zhu earned $120,000 from his Microsoft and Firefox browser hacks.

Next came Markus Gaasedelen, Nick Burnett and Patrick Biernat of Ret2 Systems, Inc., who targeted Apple Safari with a macOS kernel EoP. However, according to Pwn2Own rules, hackers must demonstrate a successful hack within three attempts, and in this case the team was only able to do so on the fourth attempt.

Ret2 Systems could not win any prize money, but Pwn2Own purchased the bugs and disclosed them to Apple through its normal process.

The last team to try their luck at Pwn2Own was MWR Labs whose hackers Alex Plaskett, Georgi Geshev, and Fabi Beterke targeted Apple Safari with a sandbox escape. The team leveraged a heap buffer underflow in the browser and an uninitialized stack variable in macOS to exploit Safari and escape the sandbox. In doing so, they earned $55,000 and 5 Master of Pwn points.

In total, organizers awarded $267,000 for the two-day contest, during which hackers discovered one Mozilla bug, two bugs, four Microsoft bugs and five Apple bugs. In the next step, the organizers will reach out to the targeted vendors with the security flaws discovered during Pwn2Own 2018.




