Update: Pwn2Own ends with all attackers winning
Contributed by: Email on 03/08/2013 11:14 AM
[
Comments
]
The Pwn2Own competition at CanSecWest has come to an end with the second day being like the first day. No web browser plugin survived being attacked and Adobe Flash, Adobe Reader XI and Java were all successfully hacked. Vupen security, who had demonstrated exploits of Internet Explorer 10, Firefox and Java on day one, returned with an exploit for Adobe Flash. George Hotz took down Adobe Reader and the day ended with Ben Murphy's exploit of Java, making it the fourth Java "pwning" of the contest.
In response to day one's exploits, both Mozilla and Google have shipped updates to their browsers. Mozilla's Firefox has been updated to version 19.0.2 with a fix for the vulnerability; the same fix, for a use-after-free in the HTML editor which could lead to arbitrary code execution, has also been applied to Firefox ESR 17.0.4, Thunderbird (ESR) 17.0.4 and SeaMonkey 2.16.1. Google has updated the stable channel for Chrome on Windows, Mac OS X and Linux for the type confusion flaw that was exploited by Nils and Jon of MWR Labs at Pwn2Own. Both the Firefox and Chrome updates are automatically downloaded by browsers and installed on browser restarts.
By the end of Pwn2Own, at least $420,000 of the $500,000 prize fund will have been presented as prizes. Today, the attention moves on to Google's Pwnium competition, with a $3.14159 million prize fund and up to $150,000 prizes for exploits that survive reboots.
In response to day one's exploits, both Mozilla and Google have shipped updates to their browsers. Mozilla's Firefox has been updated to version 19.0.2 with a fix for the vulnerability; the same fix, for a use-after-free in the HTML editor which could lead to arbitrary code execution, has also been applied to Firefox ESR 17.0.4, Thunderbird (ESR) 17.0.4 and SeaMonkey 2.16.1. Google has updated the stable channel for Chrome on Windows, Mac OS X and Linux for the type confusion flaw that was exploited by Nils and Jon of MWR Labs at Pwn2Own. Both the Firefox and Chrome updates are automatically downloaded by browsers and installed on browser restarts.
By the end of Pwn2Own, at least $420,000 of the $500,000 prize fund will have been presented as prizes. Today, the attention moves on to Google's Pwnium competition, with a $3.14159 million prize fund and up to $150,000 prizes for exploits that survive reboots.
Comments
