TDR

Researchers demonstrate flaws, earn $450K on final day of Pwn2Own

March 14, 2014

Researchers earned $450,000 on Thursday, the second and final day of Pwn2Own 2014.

Against Chrome, Team VUPEN – who took home $300,000 on day one – presented a use-after-free vulnerability affecting Blink and WebKit, as well as a sandbox bypass resulting in code execution, and an anonymous participant presented an arbitrary read/write bug with a sandbox bypass resulting in code execution.

Liang Chen of Keen Team presented a heap overflow along with a sandbox bypass against Safari, resulting in code execution, and also demonstrated, along with Zeguang Zhou of team509, a heap overflow with a sandbox bypass against Adobe Flash, which results in code execution.

Against Firefox, George Hotz presented an out-of-bounds read/write flaw resulting in code execution, and Sebastian Apelt and Andreas Schmidt presented two use-after-free flaws and a kernel bug against Internet Explorer resulting in system calculator.

prestitial ad