Pwn2Own 2019 grants researchers $270,000 for Firefox, Microsoft Edge, Apple Safari Hacks


White hat hackers earned a total of $270,000 at the Pwn2Own hacking competition, where they demonstrated their hacking abilities against the Mozilla Firefox and Microsoft Edge web browsers.

The Fluoroacetate team earned $50,000 for demonstrating a Firefox exploit with kernel escalation. The attack combined a just-in-time (JIT) bug in the browser with an out-of-bounds write flaw in the Windows kernel.



Boom! Another successful demonstration as phoenhex & qwerty (@_niklasb @qwertyoruiopz @bkth_) show off the Apple exploit. Off to the room of disclosure for full details and confirmation.


According to the Zero Day Initiative (ZDI), the company responsible for organizing the Pwn2Own event, the Fluoroacetate team was able to execute code at SYSTEM level simply by using Firefox to visit their specially developed website.

The same team also won $130,000 for a complex Edge hack that made use of kernel escalation and a VM escape. The exploit leveraged a certain type of bug in Edge, a race condition in the kernel and an out-of-bounds write issue in VMware Workstation.

When combined, these flaws let an attacker go from a web browser running inside a virtual machine to executing arbitrary code on the host operating system.

Niklas Baumstark succeeded with the third entry of the second day at Pwn2Own 2019, using a JIT bug in Firefox and a logic flaw that allowed a sandbox escape. His prize money was $40,000.

Lastly, Arthur Gerkis of Exodus Intelligence won $50,000 for a Microsoft Edge exploit with a sandbox escape. The attack used a double-free bug in the render component and a logic bug to bypass the sandbox.




According to the reports, all nine vulnerabilities discovered by the researchers have been reported to their respective vendors.

On the first day of Pwn2Own, researchers earned a total of $240,000 in cash for exploits targeting Apple's Safari web browser and the Oracle VirtualBox and VMware Workstation virtualization products. So far the total has exceeded half a million dollars.

The third day of the event is dedicated to automotive hacking. Researchers can earn up to $300,000, along with a car, if they can demonstrate a previously unknown vulnerability in the Tesla Model 3.


Source of the post : https://www.digitalinformationworld.com 
