The exploit combined two vulnerabilities, one in Safari and one in another privileged process, and earned the team $40,000.
OS X CHROME FLASH PLAYER CODE
Meanwhile, 360Vulcan Team, which is currently in the lead, has no other demonstrations scheduled.Ĭhinese Internet giant Tencent has three teams in the contest, with members from several of its subsidiaries.ĭuring the first day, Tencent Security Team Shield demonstrated an attack against Safari to achieve root-level code execution. He still has time to come on top this year, too, because he was scheduled to attempt attacks against Chrome and Microsoft Edge on Thursday, the contest's second day. It's worth noting that during last year's edition of Pwn2Own, JungHoon Lee was the most successful contestant, taking home $225,000, almost half of the total payout. The privilege escalation bonus of $20,000 is available for both Windows and OS X. This year, Safari exploits are rewarded with $40,000, compared to $60,000 for Chrome and Microsoft Edge on Windows. He also combined four vulnerabilities, earning a $60,000 prize. South Korean researcher JungHoon Lee, known in hacking circles as lokihardt, demonstrated a remote code execution attack against Apple Safari on OS X with an escalation to root privileges.
The team still won $52,500, putting their first-day payout at $132,500. The attack was considered only a partial win, because the Chrome flaw had previously been reported to Google by an independent researcher without the team's knowledge, so it didn't qualify as a zero-day. For that attack, they combined exploits for four vulnerabilities: one in Chrome, two in Flash and one in the Windows kernel. Later in the day, the same team demonstrated a remote code execution attack against Google Chrome on Windows that members also managed to escalate to system.
0 kommentar(er)
