In the second day of Pwn2Own 2019 contest, Ethical Hackers compromised Microsoft Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.
The first day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware, and Virtualbox.
Initially, on second-day Fluoroacetate (Amat Cama and Richard Zhu) came back and target the Mozilla Firefox with a kernel escalation which comes under web browser category.
In this case, they took advantage of the vulnerability in JIT along with an out-of-bounds write in the Windows kernel, for that they earned $50,000 and 5 Master of Pwn points.
Fluoroacetate team again come back to targeting the Microsoft Edge with a kernel escalation and a VMware escape which comes under web browser category.
According to ZDI, The Fluoroacetate team used a combination of a type confusion in Edge, a race condition in the kernel, and finally, a out-of-bounds write in VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130,000 plus 13 Master of Pwn points.
Another Independent researcher Niklas Baumstark targeting Mozilla Firefox with a sandbox escape and he successfully demonstrate the JIT bug in Firefox, for that he earned $40,000 and 4 Master of Pwn points.
He used a double free in the render and logic bug to bypass the sandbox and earned him $50,000 and 5 points towards Master of Pwn.
End of the second day ZDI rewarded $270,000 for 9 unique zero day. so totally $510,000 has been reward in first 2 days.
3rd and Final day, tomorrow when ZDI debut the automotive category with the two final entries of Pwn2Own. please Stay tuned. We will update the 3 rd day result tomorrow.