Pwn2Own  - Pwn2Own 2019  1 - Pwn2Own 2019 – Firefox, Edge, Windows, VMWare Hacked

In the second day of Pwn2Own contest, Ethical compromised Microsoft Edge, Mozilla Firefox, , VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.

The first day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware, and Virtualbox.

Initially, on second-day Fluoroacetate (Amat Cama and Richard Zhu) came back and target the Mozilla Firefox with a kernel escalation which comes under web browser category.

In this case, they took advantage of the vulnerability in JIT along with an out-of-bounds write in the Windows kernel, for that they earned $50,000 and 5 Master of Pwn points.

Fluoroacetate team again come back to targeting the Microsoft Edge with a kernel escalation and a VMware escape which comes under web browser category.

According to ZDI, The Fluoroacetate team used a combination of a type confusion in Edge, a race condition in the kernel, and finally, a out-of-bounds write in VMware to go from a browser in a virtual client to executing code on the host OS. They earn $1,000 plus 13 Master of Pwn points.

Another Independent researcher Niklas Baumstark targeting Mozilla Firefox with a sandbox escape and he successfully demonstrate the JIT bug in Firefox, for that he earned $40,000 and 4 Master of Pwn points.

Finally, Ethical Arthur Gerkis targeting Microsoft Edge with a sandbox escape as a final attempt of the day.

He used a free in the render and logic bug to bypass the sandbox and earned him $50,000 and 5 points towards Master of Pwn.

End of the second day ZDI rewarded $270,000 for 9 unique zero day. so totally $510,000 has been reward in first 2 days.

3rd and Final day, tomorrow when ZDI debut the automotive category with the two final entries of Pwn2Own. please tuned. We will update the 3 rd day result tomorrow.

Also, you can take this complete online Course Bundle if you want to learn Mastery Web Hacking & Bug Bounty

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.





Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here