This week the annual hacking competition Pwn2own took place in Vancouver, Canada. The organizer, HP ZDI (Zero Day Initiative), has been holding the security investigation since 2006 as part of the security conference CanSecWest. The sponsors HP and Google had this time awarded prize money in a total of more than one million US dollars.
The objectives were the browsers Chrome, Firefox, Internet Explorer and Safari as well as the plug-ins Flash Player, Adobe Reader and Java. The target platform was Windows 8.1, except for Apple Safari running on OS X Mavericks. In order to win a prize money, it was necessary to use a security gap, which had previously been unknown, to start the pocket calculator program of the operating system with the code inserted. In an emergency, an attacker would be able to execute arbitrary code.
First of all, teams of the sponsors HP ZDI and Google have joined the series "Pwn4fun". The Google researchers demonstrated a safari hack, the HP team used a gap in Internet Explorer to start the pocket calculator. Together, the two hacks donated a $ 82,500 donation to the Canadian Red Cross.
Seven hackers and research teams have joined the competition. The successful team of the French company VUPEN, which had already been successful in the previous year, has been in the baggage with several exploits. It has demonstrated vulnerable vulnerabilities in Chrome, Firefox, Internet Explorer, Adobe Reader and Flash Player. The included exploits against Safari and Java remained in the case.
The Chinese Keen team has demonstrated exploits against Safari and the Flash Player. American researchers Sebastian Apelt and Andreas Schmidt have cracked Internet Explorer 11. The browsers Mozilla Firefox and Internet Explorer were hacked four times, Chrome and Safari twice, Pwn4fun counted. In total, the sponsors paid prize money of 850,000 dollars to the contestants. In addition, there are donations from Pwn4fun as well as other awards.
All exploited security gaps were handed over to the present representatives of the respective software manufacturers. These will provide updates in the near future to eliminate the weaknesses in their products. For example, a new version of Firefox is already announced for the coming week.
No comments:
Post a Comment