Pwn2Own Competition Results in 0-Days for Chrome, Firefox, IE, Java and Flash

News Posted: Thu, Mar 7 2013 3:28 PM

You've got to love hacker conferences. Software vulnerabilities are never going away, that much is obvious, but it's with competitions at hacker conferences where we can really see just how vulnerable the software we use every single day is. Putting this into perspective, prior to the Pwn2Own conference in Canada, Google patched up ten bugs in Chrome, six of which were considered severe. Despite that, Chrome was hit with a zero-day during the conference that granted code execution in the browser's sandbox renderer process.

Chrome is hardly the only guilty party, however. Equally severe exploits were presented for IE 10 under Windows 8, IE 9 under Windows 7, Firefox under Windows 7 and Safari under OS X Mountain Lion. Aside from browsers, Adobe's Flash and Oracle's Java also had some flaws demonstrated. Ironically, despite the sheer number of bugs creeping through the cracks for Java lately, the bounty on its exploit was only $20,000. By comparison, $100,000 was being offered for breaking Chrome under Windows 7.

For the hackers, these exploits have paid off handsomely, but fortunately for the rest of us, the execution specifics are going into lockdown, and the victim companies will be worked with privately to get the issues patched up.

rapid1 replied on Thu, Mar 7 2013 3:40 PM
 Machine name: rapid1
 Operating System: Windows 7 Ultimate 64-bit (6.1, Build 7600) 
 System Model: Gigabyte X58A-UD5
 Processor: Intel(R) Core(TM) i7 CPU         930  @ 2.80GHz (8 CPUs), ~3.6GHz
 Memory: Kingston 6144MB RAM
rapid1 replied on Thu, Mar 7 2013 3:44 PM

Anyone interested in getting in on a group buy (20% off) for a Max Mechanical keyboard click this or copy and paste this link

http://www.forums.custompcreview.com/f75/max-keyboard-group-buy-thread-13-a-1555/

and sign up for it. I just got the group started but need some more participants.

  • | Post Points: 5

I love pwn2own. Thank you for the post.

  • | Post Points: 5

Seems that they ~all~ get busted every year.

It never seems to take long either.

Don't part with your illusions. When they are gone you may still exist, but you have ceased to live.

(Mark Twain)

3vi1 replied on Fri, Mar 8 2013 12:21 PM

Doesn't take long because the participants have worked out the hacks for every OS/browser months in advance. The systems fall in the order of what's running on the most expensive hardware, since the contestants get to keep the hardware. That's why people generally take down the Apple stuff first.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

realneil replied on Fri, Mar 8 2013 12:32 PM

3vi1:
Doesn't take long because the participants have worked out the hacks for every OS/browser months in advance. The systems fall in the order of what's running on the most expensive hardware, since the contestants get to keep the hardware. That's why people generally take down the Apple stuff first.

Yeah, I've noticed that too. But they keep having competitions every year just to give away hardware. If any of them were to last for a while, they'll be crowing about how secure they are for months afterward. None of them really are.

If I were putting my browser up against the others, I would release the most secure version the morning of the contest... LOL!


3vi1 replied on Sat, Mar 9 2013 10:47 AM

>> If any of them were to last for a while, they'll be crowing about how secure they are for months afterward.

ChromeOS (Linux, with Chrome as the UI) has remained undefeated at Pwnium 3, despite the fact that Google offered $3.14159 million in bounties:

http://www.engadget.com/2013/03/08/chrome-os-fends-off-all-hacks-at-pwnium-3-others-fall-at-pwn2own/

