Adobe Flash, Reader and Java Go Down At Pwn2Own
The Pwn2Own hacking competition at CanSecWest today ended with Adobe Flash, Adobe Reader XI and Java to be successfuly hacked. Seperately, Google's Chrome OS remained almost intact at Google's Pwnium 3 contest.
Again, Vupen security, who had attacked Microsoft's Internet Explorer 10, Firefox and Java on day one, demonstrated an exploit for Adobe Flash.
George Hotz, the 23-year-old best known for "jailbreaking" the iPhone and the Sony PlayStation 3, attacked Adobe Reader and Ben Murphy exploited Java.
Vupen and Hotz each received $70,000 for their Adobe vulnerabilities and hacks. Murphy, like each of the others who cracked Java, earned $20,000.
In response to day one's attacks, Mozilla and Google have today released updates to their browsers. Mozilla's Firefox has been updated to version 19.0.2 with a fix for the vulnerability discvered at Pwn2Own by Vupen security. Google has updated Chrome on Windows, Mac OS X and Linux for a flaw that was exploited by Nils and Jon of MWR Labs at Pwn2Own.
Pwn2Own's total award payout was $480,000. The Vupen team took home over half of that, $250,000, for its exploits of IE10, Firefox, Flash and Java.
However, Google's Pwnium 3, which also ran Thursday at CanSecWest, came up empty-handed. The contest has completed and Google did not receive any winning entries.
Pwnium offered very large awards - up to $150,000 for each hack, with Google committing to a maximum payout of as much as $3.14 million -- and its focus on Chrome OS, the browser-based operating system.
George Hotz, the 23-year-old best known for "jailbreaking" the iPhone and the Sony PlayStation 3, attacked Adobe Reader and Ben Murphy exploited Java.
Vupen and Hotz each received $70,000 for their Adobe vulnerabilities and hacks. Murphy, like each of the others who cracked Java, earned $20,000.
In response to day one's attacks, Mozilla and Google have today released updates to their browsers. Mozilla's Firefox has been updated to version 19.0.2 with a fix for the vulnerability discvered at Pwn2Own by Vupen security. Google has updated Chrome on Windows, Mac OS X and Linux for a flaw that was exploited by Nils and Jon of MWR Labs at Pwn2Own.
Pwn2Own's total award payout was $480,000. The Vupen team took home over half of that, $250,000, for its exploits of IE10, Firefox, Flash and Java.
However, Google's Pwnium 3, which also ran Thursday at CanSecWest, came up empty-handed. The contest has completed and Google did not receive any winning entries.
Pwnium offered very large awards - up to $150,000 for each hack, with Google committing to a maximum payout of as much as $3.14 million -- and its focus on Chrome OS, the browser-based operating system.