Down go Chrome, Firefox, IE 10, Java, Win 8 at Pwn2Own hacker fest

Share this article:
Chrome falls. (Image via MWRLabs)
Chrome falls. (Image via MWRLabs)

Web browsers Google Chrome, Internet Explorer and Firefox, along with Windows 8 and Java, have been exploited in the Pwn2Own hacking contest in Canada.

Each attack at the CanSecWest conference in Vancouver, British Columbia used zero-day vulnerabilities on a fully patched Windows 7, 8 and OS X Mountain Lion operating system with default configurations. Pwn2Own is run by HP's DVLabs Zero Day Initiative.

Firefox was popped with a use-after-free vulnerability and a new technique that bypasses Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) exploit-prevention functionality in Windows, French vulnerability firm and exploit seller Vupen said.

Windows 8 also fell to Vupen researchers, who cracked Microsoft's Surface Pro tablet using two Internet Explorer zero-day vulnerabilities and a sandbox bypass.  

Java, meanwhile, fell to Accuvant Labs' Josh Drake, Contextis' James Forshaw and Vupen, which broke the platform by finding a heap overflow. 

MWRLabs researchers "Nils" and Jon Butler chalked up a reliable sandbox bypass exploit against zero-day vulnerabilities in Chrome. The attack was made by pointing the browser running on an updated Windows operating system to a malicious web page, which granted code execution in the "sandbox rendering" process.

The pair also found a kernel vulnerability that permitted arbitrary commands execution outside of the sandbox with system privileges.

More than half a million dollars was up for grabs in the Pwn2Own. Researchers could earn $100,000 for popping Chrome on Windows 7; the same for hacking Internet Explorer 10 on Win 8; $75,000 for ripping up IE9 on Win 7; $60,000 for owning Firefox on Win 7; and $65,000 for exploiting Apple Safari on OS X Mountain Lion.

Owning IE9 plug-ins on Win 7 attracted $70,000 for Adobe Reader XI, $70,000 for Adobe Flash and $20,000 for Java.

Google will offer a whopping $3.14 million at its sister Pwnium contest, which runs alongside Pwn2Own. The attacks will occur on a WiFi Samsung Series 5 550 Chromebook running an updated stable version of Chrome OS.

The cash pool will be divided into $110,000 for a browser or system level compromise in guest mode or as a logged-in user, delivered via a web page; and $150,000 for a compromise with device persistence – guest to guest with interim reboot, delivered via a web page.

Google shored up Chrome's defenses in the lead up to the hacking contest, with 10 patches that addressed six high-severity flaws. 

A major reason that Google launched its own contest, which premiered at last year's CanSecWest, and dropped support for Pwn2Own was so that it could guarantee it would receive details surrounding the exploits. The Pwn2Own contest doesn't require researchers submit "sandbox escape" information to affected vendors.

This story originally appeared on SCMagazine.com.au.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.