Pwn2Own Hacking Contest Ends, Hackers Exploit Vulnerabilities in Windows, macOS, Ubuntu, Adobe, Safari, More

The spring 2020 edition of the Pwn2Own hacking competition is over, with the Fluoroacetate team crowned winner of this year with a score of nine points Master of Pwn. Pwn2Own is a hacking competition held annually at the CanSecWest security conference. The event started in 2007 and the contest takes place twice a year, the last one taking place in November 2019. Contestants for the Pwn2Own contest are challenged to take advantage of widely used software and mobile devices with unknown vulnerabilities before. This year, Pwn2Own was the first time that the hacking competition was organized online. The participants sent their exploits in advance to the organizers of Pwn2Own, who broadcast the code during a live broadcast with all the participants present.

The award-winning Fluoroacetate team is made up of two safety researchers named Amat Cama and Richard Zhu, who won the competition by scoring nine points in the two-day competition, a two point advantage over the finalists, the Georgia Tech Systems team and Security Lab This is the Fluoroacetate team's fourth victory over Pwn2Own below, according to a report from ZDNet.

The report said that during this iteration of the Pwn2Own competition, six teams successfully hacked applications and operating systems such as Windows, macOS, Ubuntu, Safari, Adobe Reader and Oracle VirtualBox. All bugs exploited during the contest were immediately reported to their respective companies.

Following are the results of every team's efforts:

1. The Georgia Tech Systems Software and Security Lab, the runners up of the competition targeted Apple's Safari browser with a macOS kernel escalation of privilege. The team used a six-bug exploit chain to pop the calculator app on MacOS and escalate its access rights to root. The team earned a $70,000 reward and 7 Master of Pwn points.
2. The winning team, Fluoroacetate's member targeted Microsoft Windows with a local privilege escalation. Their exploit was also reported successful and earned them a $40,000 reward, along with 4 Master of Pwn points.
3. A member from the RedRocket CTF Team targeted Ubuntu Desktop with a local privilege escalation. The hacker used an improper input validation bug to escalate privileges. He earned a reward of $30,000 and 3 Master of Pwn points.
4. The winning team Fluoroacetate targeted Microsoft Windows with a local privilege escalation as well. This won them $40,000 separately along with 4 more Master of Pwn Points.
5. The Fluoroacetate team also targeted Adobe Reader with a Windows local privilege, which was also successful, earning them 5 more Master of Pwn points and $50,000 more.

-Sumit Tiwari

#microsoft #linux #safari #cybersecurity #attack #euinac #ceo #ciso #microsoftedge #microsoft #firefox #hacking #ubantu