During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple’s Safari, Adobe Reader and Ubuntu Desktop.
Bug hunters have gathered again to test their skills against some of the most popular and mature software programs during the Pwn2Own hacking contest. During the first day, they successfully demonstrated exploits against Microsoft Edge, Apple’s Safari, Adobe Reader and Ubuntu Desktop.
The Pwn2Own contest runs every year during the CanSecWest security conference in Vancouver, British Columbia. It’s organized and sponsored by the Zero Day Initiative (ZDI), an exploit acquisition program operated by Trend Micro after its acquisition of TippingPoint.
This year the contest has a prize pool of $1 million for exploits in five categories: virtual machines (VMware Workstation and Microsoft Hyper-V); web browser and plugins (Microsoft Edge, Google Chrome, Mozilla Firefox, Apple Safari and Flash Player running in Edge); local escalation of privilege (Microsoft Windows, macOS and Ubuntu Desktop); enterprise applications (Adobe Reader, Word, Excel and PowerPoint) and server side (Apache Web Server on Ubuntu Server).
On the contest’s first day, two teams managed to take down Adobe Reader and combined other Windows kernel flaws into their attacks to achieve system-level privilege escalation. The team from Chinese security company 360 Security won $50,000 for their exploit chain, and the team from China-based internet company Tencent won $25,000.
