Pwn2Own Day Two: Safari, Microsoft Edge Go Down, Winner Announced

2016-03-18T10:54:06
ID THREATPOST:DEE4A871A77B8FF14914431F55D7CBAC
Type threatpost
Reporter Tom Spring
Modified 2016-03-18T15:31:30

Description

In the end, it was a nail-biter pitting Tencent Security Team Sniper (KeenLab and PC Manager) against JungHoon Lee (lokihardt) for the title of Master of Pwn for Pwn2Own 2016. After a tense last two minutes of the competition, it was Tencent Security Team Sniper and its successful code execution exploiting a vulnerability in Microsoft’s Edge browser that earned it the title Master of Pwn for Pwn2Own 2016.

The challenge wrapped up Thursday with JungHoon Lee tied for second with 360Vulcan Team. Tencent Security Team Shield placed fourth. Each was vying for the hacker title Master of Pwn at Pwn2Own 2016, which concluded Thursday and was held in tandem with the CanSecWest security conference and hosted by Hewlett Packard Enterprise, Trend Micro, and the Zero Day Initiative.

Prize money of $460,000 and a total of 98 Master of Pwn points for Pwn2Own 2016 were awarded as follows:

  • Tencent Security Team Sniper (KeenLab and PC Manager): 38 Master of Pwn points and $142,500
  • JungHoon Lee (lokihardt): 25 Master of Pwn points and $145,000
  • 360Vulcan Team: 25 Master of Pwn points and $132,500
  • Tencent Security Team Shield: 10 Master of Pwn points and $40,000

Day two started with two failed attempts: JungHoon Lee failed to find and exploit a vulnerability in the Google Chrome browser, and Tencent Security Team Sniper failed against Adobe Flash in the system context. It came down to the third and final attempt by each of Tencent Security Team Sniper and JungHoon Lee.

Tencent Security Team Sniper was able to demonstrate a successful code execution attack against Safari to gain root privileges using a use-after-free vulnerability in Safari and an out-of-bounds vulnerability in Mac OS X.

Next up, JungHoon Lee successfully performed a code execution attack against Microsoft’s Edge browser in the system context using an uninitialized stack variable vulnerability in Edge and a directory traversal vulnerability in Microsoft Windows to get system-level privileges.

After two days of competition, Tencent Security Team Sniper edged out JungHoon Lee by 13 Master of Pwn points, earning it the Master of Pwn title for Pwn2Own 2016.

> #Pwn2Own 2016 Awards: Master of Pwn Tencent Security Team Sniper. Master of Pwn Smoking Jacket (front view). pic.twitter.com/VnWQfyOrVl
>
> — Zero Day Initiative (@thezdi) March 17, 2016

In all, teams at this year’s tournament found 21 new vulnerabilities: Microsoft Windows (6), Apple OS X (5), Adobe Flash (4), Apple Safari (3), Microsoft Edge (2), and one in Google Chrome (a duplicate of a previous, independently reported vulnerability).

Most notable, according to event organizers, was that six new kernel vulnerabilities were uncovered this year. “Every successful attack achieved system or root privileges. This is a Pwn2Own first. It’s also a very worrying development,” wrote Christopher Budd, global threat communications for Trend Micro, in a blog post.

After two days of competition, the vendor that came out looking best was Google, with only two of five attempted hacks successful (again, only previously reported vulnerabilities were exploited). Teams successfully hacked Adobe Flash in four of five attempts. Apple Safari was compromised in all three attempts, and Microsoft Edge in both of its two.