Welcome to Pwn2Own 2017 – Researchers hacked Adobe Reader, Edge, Ubuntu, and Safari

Pierluigi Paganini March 17, 2017

Pwn2Own 2017 is started, as usual, it is a great event to see hackers at work. In the first day, experts hacked Edge, Safari, Ubuntu, and Adobe Reader.

Pwn2Own 2017 competition held in Vancouver (Canada) is started, as usual, it is a great event to see hackers at work. In the first day Bug bounty hunters have managed to hack Microsoft Edge, Safari, Ubuntu, and Adobe Reader.

Pwn2Own 2017

This is the 10th anniversary of the Pwn2Own hacking contest, it was arranged by Trend Micro and the Zero Day Initiative (ZDI) that introduced new exploit categories.

11 Groups vie for a prize pool of $1 million, the products to hack are organized into five categories, virtual machine (VM) escapes, web browsers and plugins, local privilege escalation, enterprise applications, and server side.

On the first day, the participants earned a total of $233,000 to have disclosed exploits.

The day started with the success of a success the researcher @mj011sec from Chinese security firm Qihoo360 who earned $50,000 for hacking Adobe Reader on Windows and his team win 6 points towards Master of Pwn.

The hacker and his team exploited a jpeg2000 heap overflow in Adobe Reader, a Windows kernel info leak, and an RCE through an uninitialized buffer in the Windows kernel to take down Adobe Reader. In the process, they have earned themselves $50,000 USD and 6 points towards Master of Pwn.

Adobe Reader was also successfully hacked by components of the Team Sniper from Tencent Security. The hackers exploited use-after-free and information disclosure flaws to achieve code execution, and a use-after-free in the kernel to obtain SYSTEM-level permissions. The team earned $25,000 for its exploits and 6 Master of Pwn points.

Mid-morning researchers Samuel Groß (@5aelo) and Niklas Baumstark (_niklasb) partially hacked Apple Safari with an escalation to root on macOS. The duo used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They were prized with earn style points for displaying a special message on the targeted Mac’s touch bar, they earned $28,000 USD and 9 Master of Pwn points.macOS.

They were prized with earn style points for displaying a special message on the targeted Mac’s touch bar, they earned $28,000 USD and 9 Master of Pwn points.macOS.

In the afternoon the Chaitin Security Research Lab (@ChaitinTech) hacked Ubuntu Desktop exploiting a Linux kernel heap out-of-bound access, they earned $15,000 and 3 Master of Pwn points. This is the first time for an Ubuntu Linux hack at the Pwn2Own.

The same group reached another success at the end of the day hacking Apple Safari with an escalation to root on macOS.
The attack chained a total of six bugs, including an info disclosure in Safari, four different type confusions bugs in the browser, and a UAF in WindowServer.  The team earned $35,000 and 11 points towards Master of Pwn.Master of Pwn.

The highest reward,$80,000, was assigned to the Tencent Security’s Team Ether for hack Microsoft’s Edge browser leveraging an arbitrary write bug in Chakra and a logic bug to escape the sandbox. The team of hackers earned $80,000 and 10 points for Master of Pwn.

Of course, there were also some failed attempts at the Pwn2Own 2017, the Tencent Security – Team Sniper (Keen Lab and PC Mgr) that targeted Google Chrome with a SYSTEM-level escalation were not able to complete their exploit chain within the allotted time.

The researchers Richard Zhu (fluorescence) targeting Apple Safari with an escalation to root on macOS did not complete the exploit chain within the allotted time too.did not complete the exploit chain within the allotted time too.

Team Ether had signed up to hack Windows as well, but they withdrew the entry as well as the researcher Ralf-Philipp Weinmann, who attempted the Edge hack.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Pwn2Own 2017, hacking)



you might also like

leave a comment