On the first day of the famous competition hackers Pwn2Own 2019, which takes place in Vancouver, Canada, experts managed to hack the Safari browser from Apple, as well as products for virtualization — Oracle VirtualBox and VMware Workstation. As a result, researchers earned $240 000.
Total amount of prize money Pwn2Own this year amounted to one million dollars. It can also be noted that for the first time in the history of the contest, the participants suggested to try to hack the Tesla Model 3. If successful, professionals can receive up to $300 000.
On the first day of competition Amat Kama and Richard Zu team Fluoroacetate earned $55 000 for an exploit for Safari. The method of attack on the browser from Apple was the buffer overflow, which led to bypass the built-in sandbox.
An interesting point in case of attack Safari is that the researchers used brute force to “escape from the sandbox”.
The same experts got $35 000 for hacking into Oracle VirtualBox. Hack this product was only at the second attempt. Kama and Memory used integer overflow and “race condition” to escalate privileges and execute arbitrary code.
This pair of experts have successfully hacked the virtual machine VMware Workstation, which resulted in the possibility of code execution in the system host. Total amount of prize money for researchers Fluoroacetate was $160 000.
Another expert team phoenhex & qwerty earned $45,000 for an exploit for Safari with the ability to elevate privileges to kernel level. To exploit this vulnerability, a user only need to lured to a malicious website.
The next day, hackers will try to hack browsers Mozilla Firefox and Microsoft Edge.
Read more •••