Saturday, March 10, 2012

Firefox, Chrome And IE9 All Fall At Pwn2Own 2012

This year's Pwn2Own hacking contest saw almost all of your favorite browsers falling to "zero-day" exploits with only Apple's Safari standing untested at the end of the day.

HP TippingPoint's Zero Day Initiative (ZDI), Pwn2Own's sponsor, and Google, which sponsored its first-ever hacking event, called "Pwnium," have confirmed that Chrome, Internet Explorer 9 (IE9) and Firefox have all fallen to zero-day attacks, each exploiting a previously unknown vulnerability in the most up-to-date version of the browser. In each case the security teams were able to bypass the browser's security to take complete control of the target machine and run malicious code.

ZDI has confirmed that this was the first year in which Safari was the only browser not attacked.

This marks a significant change for Google. To date, there are no known reports of a zero-day attack ever hitting Chrome in the wild, and at the previous three years' contests Chrome was the only browser to escape unscathed, with Internet Explorer, Firefox, and Safari all being brought down by exploits.

Final results from Pwn2Own 2012: 1 Chrome and 1 Internet Explorer 0day from @VUPEN and 1 Firefox 0day from @_snagg and @_dvorak_. @VUPEN took 1st place, netting $60k, while @_snagg and @_dvorak_ took 2nd place, netting $30k.

Google also paid out $60k to Sergey Glazunov, a regular Chrome bug hunter, who during the first day of the contest demonstrated an exploit that completely bypassed Chrome's sandbox. This exploit was later fixed and detailed by Google's Chrome team in a security update.
