Pwn2own Hacking Contest 2014; Google Takes Down Apple Safari For $32,000; Zero-Day Initiative Hacks IE For $50,000; Firefox, Chrome and Flash Downed
Pwn2own Hacking Contest 2014, which began Friday in Vancouver has ended today. If you're not a hacker, you might be asking yourself just what a Pwn2own hacking contest is. It's a little different the recent Mobile World Congress and Consumer Electronics Show held in Las Vegas.
First of all, there is big money to be won at this contest: A whopping $4 million in prize money will transfer as both Pwnium and Pwn2Own contests draw one big chunk of attention. It's no surprise that Google funds $3 million for the security award mark.
Reports say that all major browsers along with 2 Adobe browser plug ins fell to the masterminds of the hackers in two separate contests. Taking Adobe Flash apart earned Liang Chen and Zeguang Zhao of Team509 $75,000 for the code execution involving " Adobe Flash heap overflow with a sandbox bypass."
Sponsored by HP and organized by HP-owned Zero-Day Initiative, Pwn2Own offered $1.085 million worth of prizes, as security researchers went after security features on Adobe Flash and Reader. The browsers tested by hackers included Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.
Liang Chen of Keen Team bagged $65,000 for 'pwning' Apple's browser.
CNET reports, "Eight research teams earned $850,000, with another $82,500 going to charity for Pwn4Fun over the two-day competition, which concluded on Thursday at the CanSecWest conference at the Sheraton Wall Hotel here. HP has summarized results for Day One and Day Two."
The new Pwn4Fun charity contest witnessed Pwn2Own co-sponsor Google taking down Apple Safari for $32,500, and Pwn2Own organizer Zero-Day Initiative hacking Internet Explorer for $50,000. Both prizes will go to the Canadian Red Cross.
Team VUPEN was successful in blocking Mirosoft's IE with a vulnerability, a "use-after-free" which creates object confusion in the broker, giving rise to sandbox bypass. The vulnerability has been passed on to Microsoft and CEO Satya Nadella and his staffers at Redmond St. will be attempting for a fix to the hack.
Angela Gunn, Senior Security Content Developer, HP Security Research said in a report by net-security.org,"All vulnerabilities were disclosed to their respective vendors in the Chamber of Disclosures, and each will be working to address those issues through their respective processed."
