Day two of the Pwn2Own hacking contest at the CanSecWest Conference in Vancouver has ended with Safari, Internet Explorer, Firefox, Chrome and Flash going down.
The Vupen team continued yesterday’s string of successes by hitting Chrome with an exploit of a use-after-free vulnerability in Blink and WebKit, combined with a Chrome sandbox escape, and has added another $100,000 to the $300,000 previously earned. The team withdrew its entry for an attempt on Safari.
Apple’s browser was instead successfully “pwned” by Liang Chen of Keen Team, who’s going home with $65,000 in his pocket and, of course, the laptop he did it on. To that he will also add half of the $75,000 he and Zeguang Zhao of Team509 were awarded for an Adobe Flash heap overflow with a sandbox bypass, which resulted in code execution.
George Hotz (aka “geohot”), the famous iPhone and PlayStation 3 hacker, downed Firefox through an out-of-bounds read/write vulnerability, and got $50,000 for it.
A successful attempt at cracking Internet Explorer was executed by Sebastian Apelt and Andreas Schmidt. They exploited two use-after-free bugs and a kernel vulnerability, and earned themselves $50,000 per head. Jung Hoon Lee of ASRT also took a shot at IE, but was unsuccessful.
Finally, an anonymous researcher who entered the competition by proxy managed to exploit an arbitrary read/write bug with a sandbox bypass, which resulted in code execution, but will be awarded only $60,000 because one portion of the presentation collided with a vulnerability presented on Wednesday at the Pwnium contest sponsored by Google.
This year’s Pwn2Own saw a record number of entries. Participants were rewarded with $850,000 in total – not including charitable donations or the value of the laptops and ZDI points.
“All vulnerabilities were disclosed to their respective vendors in the Chamber of Disclosures, and each will be working to address those issues through their respective processes,” commented Angela Gunn, Senior Security Content Developer, HP Security Research.