The 35 new security vulnerabilities revealed at the Pwn2Own hacking competition this week. The Pwn2Own hacking competition shows that security remains a work in progress.
The following vulnerabilities were successfully presented on Thursday in the Pwn2Own competition:
By an anonymous participant:
Against Google Chrome, an arbitrary read/write bug with a sandbox bypass resulting in code execution. Upon review, contest judges declared this a partial win due to one portion of the presentation’s collision with a vulnerability presented earlier at Pwnium.
By Sebastian Apelt and Andreas Schmidt:
Against Microsoft Internet Explorer, two use-after-free bugs and a kernel bug, resulting in system calculator.
By Liang Chen of Keen Team:
Against Apple Safari, a heap overflow along with a sandbox bypass, resulting in code execution.
By George Hotz:
Against Mozilla Firefox, an out-of-bound read/write resulting in code execution.
By Team VUPEN:
Against Google Chrome, a use-after-free affecting both Blink and WebKit along with a sandbox bypass, resulting in code execution.
By Zeguang Zhao of team509 and Liang Chen of Keen Team:
Against Adobe Flash, a heap overflow with a sandbox bypass, resulting in code execution.