Wednesday, April 26, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Twitter's Revenue Drops Despite User Growth
Western Digital Ships Fourth-Generation Ultrastar He12 12TB Hard Drive
Verizon's Latest Unlimited Data Plan Costs $80
LG Display Posts Record Earnings on OLED TV Sales
Google co-founder Sergey Brin Is Building Airship
Uber Faces New Setback In South Korea
Uber Takes to The Skies With Flying Taxis by 2020
ARM Introduces Image Signal Processor Targeted At ADAS
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Pwn2Own...
Last 7 Days News : SU MO TU WE TH FR SA All News

Thursday, March 16, 2017
Pwn2Own Hackers Found Exploits In Safari, Adobe Reader, macOS And More


The tenth anniversary of the Pwn2Own competition kicked off and hackers from around the world succeded in proving vulnerabilities in some very popular software, including Ubuntu dektop, Adobe Reader, Apple Safari and Microsoft Edge.



This year's event features 11 teams of contestants targeting products across four categories - 30 different attempts in total. Each contestant haves three attempts within their allotted timeslot to demonstrate the exploit.

The results for Day One is below are the following:

  • 360 Security (@mj0011sec) targeting Adobe Reader

The team used a jpeg2000 heap overflow in Adobe Reader, a Windows kernel info leak, and an RCE through an uninitialized buffer in the Windows kernel to take down Adobe Reader. In the process, they have earned themselves $50,000 USD and 6 points towards Master of Pwn.

  • Samuel Gro? (@5aelo) and Niklas Baumstark (_niklasb) targeting Apple Safari with an escalation to root on macOS

In a partial sucsess, Samuel Gro? (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

  • Tencent Security - Team Ether targeting Microsoft Edge

Tencent Security - Team Ether successfully exploits Microsoft edge through an arbitrary write in Chakra core. They used a logic bug to escape the sandbox and earn themselves $80,000 and 10 points for Master of Pwn.

  • Chaitin Security Research Lab (@ChaitinTech) targeting Ubuntu Desktop

The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own with a Linux kernel heap out-of-bound access. They earned themselves $15,000 and 3 Master of Pwn points.

  • Tencent Security - Team Sniper (Keen Lab and PC Mgr) targeting Adobe Reader

Tencent Security - Team Sniper (Keen Lab and PC Mgr) used an info leak in Reader followed by a UAF to get code execution, then they leveraged a UAF in the kernel to gain SYSTEM-level privileges, winning $25,000 and 6 Master of Pwn points.

  • Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS

The Chaitin Security Research Lab (@ChaitinTech) successfuly exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusions bugs in the browser, and an a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.



Previous
Next
JDI Expands Automotive LCD Production Capacity        All News        Google Family Link app Will Help You Monitor Your Kid's Android Device
JDI Expands Automotive LCD Production Capacity     General Computing News      Current VR Experiences Still Lack Of Real Engagement

Get RSS feed Easy Print E-Mail this Message

Related News
Dallas Emergency Siren System Hacked
CIA Used Sophisticated Hack Techniques To Apple Devices: WikiLeaks
Google Says Hacked sites Rose in 2016
Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest
U.S. Charges Russian Spies Over Yahoo Hacks
Yahoo Unveils New Security Breach
U.S.Navy Disclosed Security Breach In Its Systems
Yahoo Investigates New Hack Claim
Hackers Steal Money From 20,000 Tesco Bank Accounts
Microsoft Identifies Russia-linked Hackers Exploiting Windows Flaw
Multiple Banks Attacked by Hacker Group, Symantec Says
U.S. Blames Russia For Cyber Attacks To Disrupt Election Process

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .