The Pwn2Own hacking competition at CanSecWest today ended with Adobe Flash, Adobe Reader XI and Java to be successfuly hacked. Seperately, Google's Chrome OS remained almost intact at Google's Pwnium 3 contest.
Again, Vupen security, who had attacked
Microsoft's Internet Explorer 10, Firefox and Java on day one, demonstrated an exploit for Adobe Flash.
George Hotz, the 23-year-old best known for "jailbreaking" the iPhone and the Sony PlayStation 3, attacked Adobe Reader and Ben Murphy exploited Java.
Vupen and Hotz each received $70,000 for their Adobe vulnerabilities and hacks.
Murphy, like each of the others who cracked Java, earned $20,000.
In response to day one's attacks, Mozilla and Google have today released updates to their browsers. Mozilla's Firefox has been updated to version 19.0.2 with a fix for the vulnerability discvered at Pwn2Own by Vupen security. Google has updated Chrome on Windows, Mac OS X and Linux for a flaw that was exploited by Nils and Jon of MWR Labs at Pwn2Own.
Pwn2Own's total award payout was $480,000. The Vupen team took home over half of that, $250,000, for its exploits of IE10, Firefox, Flash and Java.
However, Google's Pwnium 3, which also ran Thursday at CanSecWest, came up empty-handed. The contest has completed and Google did not receive any winning entries.
Pwnium offered very large awards - up to $150,000 for each hack, with Google committing to a maximum payout of as much as $3.14 million -- and its focus on Chrome OS, the browser-based operating system.