Turn off the Ad Banner  

To print: Select File and then Print from your browser's menu.

    -----------------------------------------------
This story was printed from CdrInfo.com,
located at http://www.cdrinfo.com.
-----------------------------------------------

Appeared on: Friday, March 14, 2014
Security Researchers Pocket $850K In Pwn2Own Contest

The second and final day of HP-sponsored Pwn2Own 2014 competition saw successful attempts by seven entrants against five products, with $450,000 paid to researchers. This brings the two-day payout total to $850,000.

The following vulnerabilities were successfully presented on Thursday in the Pwn2Own competition:

An anonymous participant on Thursday attacked Google Chrome by taking advantage of an arbitrary read/write bug to bypass the browser's sandbox and execure its code. Upon review, contest judges declared this a partial win due to one portion of the presentation's collision with a vulnerability presented earlier at Pwnium.

Sebastian Apelt and Andreas Schmidt attacked Microsoft Internet Explorer. They discovered two "use-after-free" and a kernel bug.

Liang Chen of Keen Team worked on Apple Safari and a heap overflow along with a sandbox bypass resulted in code execution.

PlayStation modder and one-time Apple employee, George Hotz attacked Mozilla Firefox and used an flaw in Firefox to achieve "out-of-bound read/write resulting in code execution",

Team VUPEN attacked Google Chrome with "a use-after-free causing object confusion in the broker, resulting in sandbox bypass".

Last but not least, Zeguang Zhou of team509 and Liang Chen of Keen Team took on with Adobe Flash, and a heap overflow with a sandbox bypass resulted in code execution.

More information on Pwn2Own's first day results is available here.




Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .