HITB2016AMS

Pwn2Own Day 1: Researchers Win $282,500 by Hacking Chrome, Flash, Safari

During the first day of the Pwn2Own 2016 hacking contest that's taking place in Vancouver, Canada, hackers took home $282,500 for finding new security flaws in applications such as Adobe Flash, Google Chrome, and Apple Safari.

Leaders after the first day are the 360Vulcan Team (Qihoo 360) after they have demonstrated two successful exploits that pocketed them $132,500.

The first exploit was against Adobe Flash, which leveraged a type confusion bug in Flash, along with a use-after-free vulnerability in the Windows Kernel to run code with SYSTEM privileges on the machine. This pocketed the hackers $80,000. Their second exploit was against Google Chrome, where they combined four new bugs, two use-after-free vulnerabilities in Flash, one out-of-bounds vulnerability in Chrome, and one use-after-free vulnerability in the Windows Kernel, to execute code on the machine with SYSTEM privileges.

Tags: