Incident Response, TDR, Vulnerability Management

Researchers demonstrate flaws, earn $450K on final day of Pwn2Own

Researchers earned $450,000 on Thursday, the second and final day of Pwn2Own 2014.

Against Chrome, Team VUPEN – who took home $300,000 on day one – presented a use-after-free vulnerability affecting Blink and WebKit, as well as a sandbox bypass resulting in code execution, and an anonymous participant presented an arbitrary read/write bug with a sandbox bypass resulting in code execution.

Liang Chen of Keen Team presented a heap overflow along with a sandbox bypass against Safari, resulting in code execution, and also demonstrated, along with Zeguang Zhou of team509, a heap overflow with a sandbox bypass against Adobe Flash, which results in code execution.

Against Firefox, George Hotz presented an out-of-bounds read/write flaw resulting in code execution, and Sebastian Apelt and Andreas Schmidt presented two use-after-free flaws and a kernel bug against Internet Explorer resulting in system calculator.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.