- Joined
- 6 May 2012
- Messages
- 5,049
- Solutions
- 6
- Reaction score
- 8,895
At the Hewlett-Packard Zero Day Initiative (ZDI) sponsored Pwn2Own hacking challenge, security researchers were able to exploit all major web browsers and take home a total of $240,000 in prize money.
The second day of the event saw Mozilla Firefox, Microsoft Internet Explorer, Google Chrome and Apple Safari being exploited by the researchers. One of the researchers took less than a second to exploit Firefox's out-of-bounds memory vulnerability.
Daniel Veditz, principal security engineer at Mozilla said that it is not surprising that a well-crafted exploit in advance would not take much execution time and given the micro seconds that the researchers exploited the browser, it is understood that they had been working on exploits long before coming for the challenge.
A report on Eweek noted that Mozilla Firefox was exploited twice at the Vancouver event. Another researcher demonstrated three different browser exploits against IE 11, Chrome and Apple Safari.
Overall, Brian Gorenc, manager of vulnerability research for HP Security Research, said that one of the surprises at the Pwn2Own 2015 event was the amount of Windows kernel vulnerabilities that showed up.
It is to be noted that the Pwn2Own 2015 event, every browser was exploited, even though all the browsers had been patched by their respective vendors. However, it is important to remember that the people who come out to compete at Pwn2Own are some of the best security researchers in the world.
Firefox, Internet Explorer, Chrome, Safari - all major Web browsers hacked by security researchers - IBNLive