Pwn2Own Hackers Found Exploits In Safari, Adobe Reader, macOS And More
The tenth anniversary of the Pwn2Own competition kicked off and hackers from around the world succeded in proving vulnerabilities in some very popular software, including Ubuntu dektop, Adobe Reader, Apple Safari and Microsoft Edge.
This year's event features 11 teams of contestants targeting products across four categories - 30 different attempts in total. Each contestant haves three attempts within their allotted timeslot to demonstrate the exploit.
The results for Day One is below are the following:
- 360 Security (@mj0011sec) targeting Adobe Reader
The team used a jpeg2000 heap overflow in Adobe Reader, a Windows kernel info leak, and an RCE through an uninitialized buffer in the Windows kernel to take down Adobe Reader. In the process, they have earned themselves $50,000 USD and 6 points towards Master of Pwn.
- Samuel Gro? (@5aelo) and Niklas Baumstark (_niklasb) targeting Apple Safari with an escalation to root on macOS
In a partial sucsess, Samuel Gro? (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.
- Tencent Security - Team Ether targeting Microsoft Edge
Tencent Security - Team Ether successfully exploits Microsoft edge through an arbitrary write in Chakra core. They used a logic bug to escape the sandbox and earn themselves $80,000 and 10 points for Master of Pwn.
- Chaitin Security Research Lab (@ChaitinTech) targeting Ubuntu Desktop
The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own with a Linux kernel heap out-of-bound access. They earned themselves $15,000 and 3 Master of Pwn points.
- Tencent Security - Team Sniper (Keen Lab and PC Mgr) targeting Adobe Reader
Tencent Security - Team Sniper (Keen Lab and PC Mgr) used an info leak in Reader followed by a UAF to get code execution, then they leveraged a UAF in the kernel to gain SYSTEM-level privileges, winning $25,000 and 6 Master of Pwn points.
- Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS
The Chaitin Security Research Lab (@ChaitinTech) successfuly exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusions bugs in the browser, and an a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.