Thursday, August 17, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Apple is Getting Serious in TV Shows and Film Prospect
Acer's New 4K Projectors Bring the Benefits of Cinema Home
Fiat Chrysler Joins BMW, Intel, Mobileye in Autonomous Driving Team
Kingston Adds Lower 4GB and 8GB Capacities to DataTraveler 2000 Encrypted USB
Intel Ice Lake Architecture Will Find its Way to 10nm+ Chips
CyberLink Launches U Web Communication App for Online Meetings
Samsung Introduces New Portable T5 SSD
Qualcomm Announces Depth-Sensing Camera Technology Designed for Android Devices
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Pwn2Own...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, March 16, 2017
Pwn2Own Hackers Found Exploits In Safari, Adobe Reader, macOS And More


The tenth anniversary of the Pwn2Own competition kicked off and hackers from around the world succeded in proving vulnerabilities in some very popular software, including Ubuntu dektop, Adobe Reader, Apple Safari and Microsoft Edge.



This year's event features 11 teams of contestants targeting products across four categories - 30 different attempts in total. Each contestant haves three attempts within their allotted timeslot to demonstrate the exploit.

The results for Day One is below are the following:

  • 360 Security (@mj0011sec) targeting Adobe Reader

The team used a jpeg2000 heap overflow in Adobe Reader, a Windows kernel info leak, and an RCE through an uninitialized buffer in the Windows kernel to take down Adobe Reader. In the process, they have earned themselves $50,000 USD and 6 points towards Master of Pwn.

  • Samuel Gro? (@5aelo) and Niklas Baumstark (_niklasb) targeting Apple Safari with an escalation to root on macOS

In a partial sucsess, Samuel Gro? (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

  • Tencent Security - Team Ether targeting Microsoft Edge

Tencent Security - Team Ether successfully exploits Microsoft edge through an arbitrary write in Chakra core. They used a logic bug to escape the sandbox and earn themselves $80,000 and 10 points for Master of Pwn.

  • Chaitin Security Research Lab (@ChaitinTech) targeting Ubuntu Desktop

The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own with a Linux kernel heap out-of-bound access. They earned themselves $15,000 and 3 Master of Pwn points.

  • Tencent Security - Team Sniper (Keen Lab and PC Mgr) targeting Adobe Reader

Tencent Security - Team Sniper (Keen Lab and PC Mgr) used an info leak in Reader followed by a UAF to get code execution, then they leveraged a UAF in the kernel to gain SYSTEM-level privileges, winning $25,000 and 6 Master of Pwn points.

  • Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS

The Chaitin Security Research Lab (@ChaitinTech) successfuly exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusions bugs in the browser, and an a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.



Previous
Next
JDI Expands Automotive LCD Production Capacity        All News        Google Family Link app Will Help You Monitor Your Kid's Android Device
JDI Expands Automotive LCD Production Capacity     General Computing News      Current VR Experiences Still Lack Of Real Engagement

Get RSS feed Easy Print E-Mail this Message

Related News
HBO Offered $250,000 to Hackers
Game Of Thrones Episodes Could Have Leaked After HBO Hack
Hackers Attacked U.K. Parliament
WikiLeaks Says 'Athena' CIA Spying Program Targets All Versions of Windows
Dallas Emergency Siren System Hacked
CIA Used Sophisticated Hack Techniques To Apple Devices: WikiLeaks
Google Says Hacked sites Rose in 2016
Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest
U.S. Charges Russian Spies Over Yahoo Hacks
Yahoo Unveils New Security Breach
U.S.Navy Disclosed Security Breach In Its Systems
Yahoo Investigates New Hack Claim

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .