
Pwn2Own contest reveals bugs in Safari, Edge

  • Posted on: April 11, 2016
  • Posted in: Industry News
  • Posted by: Noah Gamer
Welcome, hackers! Here's a recap of Pwn2Own 2016.

Pwn2Own is a hacking contest held during the CanSecWest security conference every year in Vancouver. The event is designed to allow hackers to bring system vulnerabilities to light in widely used software and mobile devices. There are hefty cash prizes for finding holes in common programs, and vendors leave with an idea of how to fix these security gaps. In all, it's an event sponsored by Trend Micro and Hewlett Packard Enterprise that leads to benefits for both vendors and consumers.

Pwn2Own 2016

This year's CanSecWest conference took place March 16 to 18 at the Sheraton Wall Centre in Vancouver. Attendees could sit in on classes and listen to industry professionals speak on various topics. For instance, cyber security expert Joe FitzPatrick taught a class called "Applied Physical Attacks on x86 Systems." Basically, the point of these classes and panels is to educate professionals about certain vulnerabilities within the systems they use on a daily basis so that they can apply this knowledge to security patches down the line.

The hacking contest portion of the conference was successful at bringing some vulnerabilities to light. The 2016 conference welcomed five hacking teams that made 11 attempts over the course of two days. On the first day, according to Trend Micro's Christopher Budd, a total of $282,500 in prizes was distributed to the teams.

South Korean hacker JungHoon Lee, acting by himself instead of as part of a team, won $60,000 on the first day alone for exploiting vulnerabilities in the Apple Safari browser, among others. Lee's alias during this event was lokihardt, and he has competed in previous years. At the end of the second day, the team that won the most points and thus came away with the coveted title of Master of Pwn was Tencent Security Team Sniper, with Lee coming in second place. In total, three Safari bugs were exploited, two in Microsoft Edge and four in Adobe Flash Player.

Previous years

In 2015, the story was much the same, with one familiar hacker dominating the event. According to ZDNet, Lee ruled the day, eventually taking home $225,000 in prize money for finding the most bugs in the allowed systems. He even found one bug in Google Chrome, which is notoriously difficult to hack.

"With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM and another $10,000 from Google for hitting the beta version for a grand total of $110,000," Pwn2Own organizers from HPE wrote in a blog post. "To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration."

All told, Pwn2Own found five bugs in the Windows operating system, four in Internet Explorer 11, three in Mozilla Firefox and three bugs in Adobe Reader, among others.

What's the point?

What are the goals of the Pwn2Own hacking contest? There are a few things that security firms set out to accomplish when they attend. According to TechTarget, once a device has been hacked at this event, sponsors will send the information to the vendor so that the company can strengthen its program's or device's security based on the data provided.

Therefore, as vendors learn more about the vulnerabilities in their software and devices, they can strengthen their cyber security, which in turn bolsters that of their customers. How can consumers and businesses alike steer clear of these bugs in the programs they use on a daily basis? Implementing effective cyber security solutions could be the answer to this issue. By investing in these kinds of tools, they can protect their systems and make sure their data is safeguarded against malicious actors.
