Top browsers exploited in first day of Pwn2Own

A total of $400,000 was given to Team Vupen and other researchers for their exploits.

Three of the most popular web browsers were exploited by participants on Wednesday, during the first day of the Pwn2Own hacking contest.

In addition to Firefox, Internet Explorer 11 (IE11), and Safari, participants were able to crack Adobe's Flash and Reader products, according to a blog post by Angela Gunn, senior security content developer for HP Security Research.

Researchers earned a total of $400,000, a first day record, for their exploits. Experts from Vupen, a French security firm that sells software vulnerability information to governments and businesses, earned the majority of that sum, $300,000, for their work.

Team Vupen successfully exploited Adobe Flash, Reader, IE11, and Firefox. The Flash, Reader and Firefox hacks resulted in code execution, and the IE11 exploit allowed for a sandbox bypass.

Security researchers Jüri Aedla and Mariusz Mlynski successfully cracked Firefox. While Aedla's exploit results in code execution, Mlynski's could be leveraged to bypass browser security measures, according to the post. Each researcher earned $50,000 for their work.

In the contest's “sponsors-only” event, Pwn4Fun, Google performed a “very impressive” exploit on the Apple Safari browser running on Mac OS X, while the Zero Day Initiative successfully carried out a “multi-stage exploit” that included a sandbox bypass on IE11. The $82,500 won by the sponsors was given to the Canadian Red Cross, the charity of their choice.

Expect fixes addressing the issues in each of the products to be released soon.

“All of the vulnerabilities were disclosed to their respective vendors in the Chamber of Disclosures, and each will be working to address those issues through their own processes,” Gunn wrote.

The final day of the contest begins on Thursday at 10 a.m. PDT.
