Pwn2Own 2013: first results

    The Pwn2Own contest, held as part of the CanSecWest conference, continues in Vancouver. As usual, the French company VUPEN is in the spotlight. Chaouki Bekrar, CEO of VUPEN, commented:

    Competitions of this kind, which are essentially a game, take a lot of time and resources, although they are well paid. VUPEN also takes part in this competition, as a company that studies vulnerabilities and sells exploits to private clients. The time and effort spent was well worth it, thanks to the high cash rewards. We thought a lot about whether to participate in the contest this year, because the cost of creating a reliable exploit is very high. It took several weeks to search for vulnerabilities in IE 10 and a few more weeks to develop a reliable exploit.

    This year's prizes for finding a vulnerability and successfully exploiting it in a browser were as follows:
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft IE 10 on Windows 8 ($100,000)
    • Microsoft IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)

    For browser plug-ins for IE 9 on Windows 7:
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)

    The rules stipulate that the above applications run on Windows 7, 8 and OS X Mountain Lion with the latest updates installed. The targeted components are left in their default settings, as most users have them. The vulnerability used must be previously unknown (0day) and unpublished. Participants are given 30 minutes to demonstrate successful exploitation.

    VUPEN researchers successfully exploited the Firefox browser, using a use-after-free vulnerability and a technique to bypass DEP and ASLR. VUPEN also hacked (pw0ned) the MS Surface Pro tablet, using two IE 10 vulnerabilities and bypassing its sandbox. Java was pw0ned by VUPEN and Accuvant Labs using a heap overflow.

    Google Chrome was successfully exploited, with a sandbox bypass, by MWR Labs researchers.
