• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Network   »   Pwn2Own: Day 2 and Event Wrap-Up

Pwn2Own: Day 2 and Event Wrap-Up

  • Posted on:March 18, 2016
  • Posted in:Network, Security
  • Posted by:Christopher Budd (Global Threat Communications)
0

The second and final day of the 2016 Pwn2Own competition wrapped up today.

By the afternoon an already exciting competition shifted into high-gear when two attempts failed in a row (a Pwn2Own first) and the top prize of Master of Pwn came down to the success or failure of the last attempt of the event by Tencent Security Team Sniper (KeenLab and PC Manager). After only two minutes, their demonstration succeeded making them the Master of Pwn for Pwn2Own 2016 with 38 Master of Pwn points and US$142,500. JungHoon Lee tied for second with 25 Master of Pwn points and US$145,000. 360Vulcan Team also tied for second with 25 Master of Pwn points and US$132,500. Tencent Security Team Shield came in fourth with 10 Master of Pwn points and US$40,000. All total, 98 Master of Pwn Points and US$ 460,000 were earned by these four teams.

Overall the event was very successful. It was the largest event in the history of Pwn2Own and resulted in 21 new vulnerabilities. For a full breakdown, see “Pwn2Own 2016 in Numbers” below.

As fun as the Pwn2Own competition is, ultimately it is serious business about understanding the current threats and weaknesses. This year’s competition succeeds in that regard. While it’s easy to focus on the state of browser security as shown at Pwn2Own, the real, important, technical story is about the state of kernel security. EVERY successful attack achieved SYSTEM or root privileges. This is a Pwn2Own first. It’s also a very worrying development. As ZDI researcher Jasiel Spelman noted, researchers and attackers are likely focusing on the kernel in response to advances in sandboxing. It’s a truism in security that when you harden one area, attackers and researchers will move their attention to another one. Based on Pwn2Own 2016, it appears that’s happening with a shift to focus on the kernel. This is also borne out by what we’re seeing in Linux lately: while Linux is outside the focus of Pwn2Own, we’ve seen a number of Linux kernel issues lately.

Hopefully, operating system vendors and maintainers will hear the message and give a renewed focus to the security of their kernels. This trend is likely to continue into the future.

Meanwhile, Pwn2Own 2016 has been a great event to kick off TippingPoint, ZDI and DVLabs joining Trend Micro.

image 2

Pwn2Own 2016 in Numbers:

Total prizes awarded:

  • Master of Pwn Points: 98
  • Cash: US$ 460,000

Number of Attempts:

  • Fully Successful: 7 (64%)
  • Partially Successful: 1 (9%)
  • Failed: 3 (27%)

Number of Successful Attempts Against:

  • Apple Safari: 3/3 (100% Success)
  • Microsoft Edge: 2 /2 (100% Success)
  • Adobe Flash: 4/5 (75% Success)
  • Google Chrome: .5/2 (25% Success) NOTE: The actual vulnerability in Google Chrome had already been independently reported to Google; this is counted a partial success)

Percentage of Successful or Partially Successful attacks that achieved SYSTEM or root privilege: 100%

Contestant Success Standings:

  • Tencent Security Team Sniper (KeenLab and PC Manager): 3/3 (100% Success)
  • 360Vulcan Team: 1.5/2 (75% Success)
  • JungHoon Lee (lokihardt): 2/3 (66% Success)
  • Tencent Security Team Shield (PC Manager and KeenLab): 1/2 (50% Success)
  • Tencent Xuanwu Lab: 0/1 (0% Success)

Awards:

  • Most Master of Pwn Points Awarded in a Single Attempt: 15 – JungHoon Lee (lokihardt) against Microsoft Edge in the SYSTEM context and Tencent Security Team Sniper (KeenLab and PC Manager) against Microsoft Edge in the SYSTEM context.
  • Biggest Cash Prize Awarded in a Single Attempt: US$85,000 JungHoon Lee (lokihardt) against Microsoft Edge in the SYSTEM context.

Number of new vulnerabilities:

  • Microsoft Windows: 6
  • Apple OS X: 5
  • Adobe Flash: 4
  • Apple Safari: 3
  • Microsoft Edge: 2
  • Google Chrome: 1 (a duplicate of a previous, independently reported vulnerability)
  • Total: 21

Total number of new browser vulnerabilities: 6

Total number of new kernel vulnerabilities: 6

Day 2 Details:

  • Tencent Security Team Sniper (KeenLab and PC Manager): Demonstrated a successful code execution attack against Safari to gain root privileges using an use-after-free vulnerability in Safari and an out-of-bounds vulnerability in Mac OS X. This demonstration earned them 10 Master of Pwn Points and US$40,000.
  • JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Microsoft Edge in the SYSTEM context using an uninitialized stack variable vulnerability in Microsoft Edge and a directory traversal vulnerability in Microsoft Windows to get SYSTEM privilege. This demonstration earned him 15 Master of Pwn points and US$85,000.
  • JungHoon Lee (lokihardt): Attempted to demonstrate a code execution attack against Google Chrome. This attempt failed.
  • Tencent Security Team Shield (PC Manager and KeenLab): Attempted to demonstrate a code execution attack against Adobe Flash in SYSTEM context. This attempt failed.
  • Tencent Security Team Sniper (KeenLab and PC Manager): Demonstrated a successful code execution vulnerability against Microsoft Edge in the SYSTEM context using an out-of-bounds vulnerability in Microsoft Edge and a buffer overflow vulnerability in the Kernel. This demonstration earned them 15 Master of Pwn points and US$52,500.

Related posts:

  1. Pwn2Own 2016 Has Begun
  2. Pwn2Own 2017 – Day Three Schedule and Results
  3. Pwn2Own 2017 – Day Two Schedule and Results
  4. Pwn2Own 2017 – An Event for the Ages

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Offerings Are FedRAMP Authorized and Available on AWS
  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.