Researcher Pawned Firefox, Safari, Internet Explorer and Adobe- Awarded $400,000

Researcher Pawned Firefox, Safari, Internet Explorer and Adobe- Awarded $400,000, Pwn2Own security, Pwn2Own news, Pwn2Own day two, Pwn2Own 2014, hacked by VUPEN, VUPEN recurity researcher, web browser get owned.
Admin
Admin
Researcher Pawned Firefox, Safari, Internet Explorer and Adobe- Awarded $400,000, Pwn2Own security, Pwn2Own news, Pwn2Own day two, Pwn2Own 2014, hacked by VUPEN, VUPEN recurity researcher, web browser get owned.
Today a charity security competition was started named as "Pwn2Own" which is initiated by HP's Zeroday at Vancouver, Canada. As today was the first day, and hence researcher have made a record payout of $482,000. On this amount  $400,000 were paid to the security researcher firm and other individual researcher, and remaining $82,000 were given for charity to Canadian Red Cross.

Researcher have found the vulnerability on Adobe Flash and reader, Mozilla, Internet Explorer, and Safari web browsers. Most of the money awarded on the first day went to the France based security researcher firm "VUPEN". VUPEN researcher managed to find four vulnerability and also put a proof of concept for vulnerabilities.

The most amazing thing happened this year in Pwn2Own contest was that researcher were able to demonstrate their exploit within 5 minutes. The standard period allowed to any researcher to demonstrate prove of concept was of 30 minutes. As the researcher have successfully completed the task and PWN the target, they headed to the disclosure room where they presented the details of their exploits to vendors.

Researcher Pawned Firefox, Safari, Internet Explorer and Adobe- Awarded $400,000, Pwn2Own security, Pwn2Own news, Pwn2Own day two, Pwn2Own 2014, hacked by VUPEN, VUPEN recurity researcher, web browser get owned.

Team VUPEN have discovered the following vulnerabilities,
  • Against Adobe Flash, a use-after-free with an IE sandbox bypass resulting in code execution.
  • Against Adobe Reader, a heap overflow and PDF sandbox escape, resulting in code execution.
  • Against Microsoft Internet Explorer, a use-after-free causing object confusion in the broker, resulting in sandbox bypass.
  • Against Mozilla Firefox, a use-after-free resulting in code execution.
The other flaw that VUPEN experts were able to find out was also a use-after-free that can be leveraged for code execution in Firefox. The Microsoft's latest Internet Explorer 11 Browser was also found to be vulnerable by Team VUPEN. They have successfully bypassed the sandbox in Internet Explorer 11 on Windows 8.1 with a use after free vulnerability. For the above flaws on the various product team VUPEN was awarded $300,000.

Other individual researcher have also got some of the reward on the first day of contest were, Juri Aedla and Mariusz Mlynski.  

Aedla had able to found an out-of-bound read/write vulnerability on Firefox which lead to code execution, of which he was rewarded $50,000  for his effort. 
where as Mlynski found to security loop holes in Mozilla Firefox, one was allowing privilege escalation and another was bypassing browser security measure. For this effort he was also rewarded $50,000. 

At the end of the first day none of the researcher find flaws on Google Chrome and it remain escape unbroken. For further update, we in touch with us as second and last is will be going tomorrow. 
Read Also
You may like these posts Show all
Post a Comment
Table of Contents

Loading…