Firefox, Chrome, IE, Safari EXPLOITED to OWN Mac, PCs at Pwn2Own 2015

Let's say those $225k winnings moved me ... to a bigger house!

Security vulns in every one of the big four web browsers were exploited at the Pwn2Own hacking contest on Friday to remotely execute arbitrary code on Windows PCs.

Firefox, Safari, Chrome and Internet Explorer all fell to the skills of the competition entrants, some in less than a second.

All the vulnerabilities exploited will be privately disclosed to the affected software makers so patches can be released. Details are deliberately vague at the moment in the interests of responsible disclosure.

One man will be leaving Vancouver with a huge grin on his face and a very healthy bank balance, enough to help him move to a better house. South Korean security researcher Jung Hoon Lee, who uses the handle "lokihardt," scooped $225,000 (and the laptops he compromised) after an epic bout of intrusion.

Firstly Lee hammered 64-bit Internet Explorer 11 with a time-of-check to time-of-use (TOCTOU) vulnerability and a sandbox escape through privileged JavaScript injection to get past Windows' security software and pull off medium-integrity remote code execution (with the same privileges as a logged-in user). That netted him $65,000 for the feat.

He then compromised the stable and beta versions of Google Chrome by exploiting a buffer overflow bug in a race condition to reach into the Windows operating system, where he used an information leak and a race condition bug in two kernel drivers to perform full SYSTEM-level remote code execution.

The hackery earned him $75,000 for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and a bonus $10,000 from Google for cracking its beta version of the browser, all in two minutes. That's a pay scale of $916 a second.

For his finale, Lee nailed Apple's Safari with a use-after-free (UAF) vulnerability involving an uninitialized stack pointer, and bypassed the sandbox to perform remote code execution on an OS X Mac. This earned him a $50,000 bonus, bringing his earnings to $225,000 for the day.

But the speed demon of the contest was a hacker using the name ilxu1a, who managed to remotely compromise Mozilla's Firefox in less than a second. He had spotted a vulnerability by static analysis alone, rather than fuzzing, and used an out-of-bounds read/write vulnerability leading to medium-integrity code execution in the browser, and a $15,000 prize.

While the hackers are going to be happy with the last two days, browser manufacturers and customers are going to be less pleased. But it's one of the strengths of competitions like Pwn2Own that coders can earn decent cash to find these flaws, and the rest of us save a lot of money by getting them fixed before others discover the security blunders. ®
