The Pwn2Own hacking competition began on March 15. It’s sponsored by the security firm Trend Micro. The very first day saw some major hacks and awards worth $233,000 in prize money.
This year’s event marks the 10th year of this annual hacking competition. It’s also special as for the first time Linux was made a target. Specifically, Ubuntu Linux 16.10 was hacked along with other software like Microsoft Edge, Adobe Reader, and Apple Safari.
The series of hacks was started by the Qihoo 360’s team which targeted Adobe Reader using a jpeg2000 heap overflow, a Windows kernel info leak, and an RCE. The team earned $50,000 reward.
The Adobe hack was followed by targeting Apple Safari with an escalation to root on macOS. Hackers Samuel Groß and Niklas Baumstark used a user-after-free (UAF) in Safari and some logic bugs to earn $28,000.
Microsoft Edge was attacked by Tencent Security’s Team Ether that used an arbitrary write in Chakra Core. Using a logic bug that escaped sandbox, Team Ether earned $80,000.
The open source Linux Desktop was hacked by Chaitin Security Research Lab. With the help of a Linux kernel heap out-of-bound access, the team was able to grab $15,000.
Source: https://fossbytes.com/ubuntu-linux-safari-adobe-edge-hacked-pwn2own-2017/
Submitted by: Arnfried Walbrecht
Also Firefox:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/
Comments are closed.