Hewlett-Packard’s Pwn2Own competition ended last week with the security claims of all four major web browsers left in tatters. Chrome, Internet Explorer, Firefox, and Safari were all successfully hacked, giving the researchers full system access in some of the more extreme cases. Fortunately, this was all done in the name of science, and the developers behind the browsers will be more aware of their vulnerabilities.
The biggest achievement of the two-day event came from Jung Hoon Lee, aka lokihardt, who entered without a team. Lee started the day by warming up and exploiting a time-of-check vulnerability in the 64-bit version of Internet Explorer 11. He evaded all defence mechanisms and managed to achieve medium-integrity code execution. He also won some US$65,000 (about RM240,000) for it.
Two other browsers also fell to Lee, who demonstrated an exploit that affects both the stable and beta versions of Google Chrome. The exploit allowed him to gain SYSTEM access and, more importantly, netted him the largest payout in Pwn2Own history. The Chrome bug was worth US$75,000 (about RM276,000), while the SYSTEM access added a further US$25,000 (about RM92,000). Hitting the beta version as well was worth another US$10,000 (about RM37,000), bringing his total winnings for the single exploit to US$110,000 (about RM405,000).
Lee ended the day by using a use-after-free vulnerability to bypass the sandbox in Apple Safari and achieve code execution, essentially proving that just about any browser can be hacked and nobody is really safe from a dedicated attack. Overall, Lee’s earnings for the day totalled US$225,000 (about RM829,000).
Other teams had also exploited vulnerabilities in major web browsers, Adobe Reader, Adobe Flash, and Windows to bring the overall payout from the competition to US$557,500. To qualify for a bounty, the vulnerability used must have been previously unknown and the researcher must have been able to break through the built-in defences.