Researcher Pawned Firefox, Safari, Internet Explorer and Adobe- Awarded $400,000
Researcher Pawned Firefox, Safari, Internet Explorer and Adobe- Awarded $400,000, Pwn2Own security, Pwn2Own news, Pwn2Own day two, Pwn2Own 2014, hacked by VUPEN, VUPEN recurity researcher, web browser get owned.
The most amazing thing happened this year in Pwn2Own contest was that researcher were able to demonstrate their exploit within 5 minutes. The standard period allowed to any researcher to demonstrate prove of concept was of 30 minutes. As the researcher have successfully completed the task and PWN the target, they headed to the disclosure room where they presented the details of their exploits to vendors.
Team VUPEN have discovered the following vulnerabilities,
- Against Adobe Flash, a use-after-free with an IE sandbox bypass resulting in code execution.
- Against Adobe Reader, a heap overflow and PDF sandbox escape, resulting in code execution.
- Against Microsoft Internet Explorer, a use-after-free causing object confusion in the broker, resulting in sandbox bypass.
- Against Mozilla Firefox, a use-after-free resulting in code execution.
Other individual researcher have also got some of the reward on the first day of contest were, Juri Aedla and Mariusz Mlynski.
Aedla had able to found an out-of-bound read/write vulnerability on Firefox which lead to code execution, of which he was rewarded $50,000 for his effort.
where as Mlynski found to security loop holes in Mozilla Firefox, one was allowing privilege escalation and another was bypassing browser security measure. For this effort he was also rewarded $50,000.
At the end of the first day none of the researcher find flaws on Google Chrome and it remain escape unbroken. For further update, we in touch with us as second and last is will be going tomorrow.
Join the conversation