Jump to content

Pwn2Own 2014: Firefox, Internet Explorer and Safari Hacked on Day One


Reefa

Recommended Posts

Pwn2Own-2014-Firefox-Internet-Explorer-a

The payouts made after the first day total $400,000 (€286,000). Most of the money went to French research firm VUPEN. The company’s researchers have managed to find a total of four vulnerabilities.

They found a use-after-free with an Internet Explorer sandbox bypass in Flash. The issue can be exploited to execute arbitrary code. A heap overflow and PDF sandbox escape in Adobe reader also resulted in code execution.

VUPEN experts have also found a use-after-free that can be leveraged for code execution in Firefox. In addition, they’ve managed to bypass the sandbox in Internet Explorer 11 on Windows 8.1 with a use-after-free vulnerability that causes object confusion in the broker.

For their work, VUPEN researchers have been rewarded with $300,000 (€215,000).

Researchers Jüri Aedla and Mariusz Mlynski each managed to “pwn” Firefox. Aedla found an out-of-bound read/write resulting in code execution.

Mlynski found two security holes: a privilege escalation flaw and one that can be exploited to bypass the web browser’s security measures. Each of the experts has been rewarded with $50,000 (€35.850).

TippingPoint’s Zero Day Initiative (ZDI) and Google, the co-sponsor of Pwn2Own 2014, have taken part in a new challenge called Pwn4Fun. Experts from Google and ZDI presented their own exploits, all the proceeds being donated to the Canadian Red Cross.

“At Pwn4Fun, Google delivered a very impressive exploit against Apple Safari launching Calculator as root on Mac OS X. ZDI presented a multi-stage exploit, including an adaptable sandbox bypass, against Microsoft Internet Explorer, launching Scientific Calculator (running in medium integrity) with continuation,” the competition’s organizers explained.

A total of $82,500 (€59,000) has been donated to the Canadian Red Cross.

IDG’s Gregg Keizer reports that most of the contestants managed to demonstrate their exploits within 5 minutes, despite having 30 minutes to do it. Once the exploits were demonstrated, the security researchers headed to the disclosure room where they presented the details of their exploits to vendors.

This is one of the main conditions of Pwn2Own. All vulnerabilities must be disclosed to respective vendors so that they can fix the security holes.

We can expect Mozilla and Microsoft to patch the vulnerabilities found by contestants in the upcoming days. It remains to be seen if anyone manages to break Chrome in the second and last day of Pwn2Own.

Source

Link to comment
Share on other sites


  • Replies 17
  • Views 1.8k
  • Created
  • Last Reply

Top Posters In This Topic

  • Gabben

    3

  • drunk

    3

  • NeowinMOD™

    3

  • Mr Orus

    2

NeowinMOD™

Chrome has Google surveillance behind, I would rather suggest Chromium instead which is open-source browser. I will stick to Firefox based browsers for my whole life. Mozilla keeps going forward in great pace, also Mozilla calls plug-in free internet browsing which is also great idea. I'm looking forward what Mozilla innovates in the future.

Link to comment
Share on other sites


Chrome is the best!

yes, is the best spy botnet, collecting data from everything user do.

I've heard that a lot, but for me, it's not a big problem. The problem is the way you use it.

P/s: Sorry for my bad English :rolleyes:.

Link to comment
Share on other sites


Chrome has Google surveillance behind, I would rather suggest Chromium instead which is open-source browser.

I will stick to Firefox based browsers for my whole life.

Mozilla keeps going forward in great pace, also Mozilla calls plug-in free internet browsing which is also great idea.

I'm looking forward what Mozilla innovates in the future.

I fully second that!

I hope Google will Not buy Mozilla out...

Link to comment
Share on other sites


Chrome is the best!

Why? Becasue it mines more data than any of the other browsers?

Because it's safe, secure, fast and customizable.

Link to comment
Share on other sites


Sorry to break your illusions - chrome browser was hacked on the 2nd day of Pwn2Own.

http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/

"By an anonymous participant:
Against Google Chrome, an arbitrary read/write bug with a sandbox bypass resulting in code execution. Upon review, contest judges declared this a partial win due to one portion of the presentation’s collision with a vulnerability presented earlier at Pwnium."

"By Team VUPEN:
Against Google Chrome, a use-after-free affecting both Blink and WebKit along with a sandbox bypass, resulting in code execution."

You have to be sure what's really happening/have happened before you speak. I used to be a chrome fan but now I don't use it anymore. There is no real advantage using chrome any longer.

Chrome is the best!

Why? Becasue it mines more data than any of the other browsers?

Because it's safe, secure, fast and customizable.

Edited by oliverjia
Link to comment
Share on other sites


NeowinMOD™

Are you kidding me? Chrome is all the other things than safe, and customizable? Only customizable thing in Chrome is speeddial background, while in Firefox you can customize almost everything.

Link to comment
Share on other sites


Chrome is the best!

yes, is the best spy botnet, collecting data from everything user do.

trust me... nobody wants to collect data about ur pathetic life.

Just a troll or he doesn't know a damn about browsers!

stfu you stupid gipsy

What's up with the foul attitude/language?! :thumbsdown:

Link to comment
Share on other sites


@ Gabben Moment of attention - We have received notification of your bad behavior, are not allowed insults or personal insults. Are not admitted misconduct. This is a forum for sharing that many users are involved in the discussions. So we do not accept personal insults and negative comments towards the users.

For any problem or dispute of some topic, you can (should) contact the moderators / forum staff.

It is not tolerated the lack of respect towards all users of this forum. Prohibited offensive language.

Link to comment
Share on other sites


I'm sorry but i had to raise my voice against these Chrome haters. Also the romanian dude called me troll for no reason.

If you want to ban me then ban me. I don't care. I just registered for the Norton trial reset long time ago. I don't care about this community. Bunch of Mozilla and ESET lovers and Google haters...

Link to comment
Share on other sites


NeowinMOD™

I'm sorry but i had to raise my voice against these Chrome haters. Also the romanian dude called me troll for no reason.

If you want to ban me then ban me. I don't care. I just registered for the Norton trial reset long time ago. I don't care about this community. Bunch of Mozilla and ESET lovers and Google haters...

Racist or low iq? Mod

Just a troll or he doesn't know a damn about browsers!

This goes too much out-of-topic guys, please calm down. This is free world and free forum where people can share their opinions about different apps without judging.

Link to comment
Share on other sites


@ drunk Moment of attention - We have received notification of your bad behavior, are not allowed insults or personal insults. Are not admitted misconduct. This is a forum for sharing that many users are involved in the discussions. So we do not accept personal insults and negative comments towards the users.

For any problem or dispute of some topic, you can (should) contact the moderators / forum staff.

It is not tolerated the lack of respect towards all users of this forum. Prohibited offensive language.

Link to comment
Share on other sites


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...