Welcome to Pwn2Own 2017 – The Schedule

  • Posted on: March 15, 2017
  • Posted in: Zero Day Initiative
  • Posted by: Dustin Childs (Zero Day Initiative Communications)

Welcome to Pwn2Own 2017 – the tenth anniversary of the competition and our largest Pwn2Own ever, with over $1,000,000 USD up for the taking. Continuing what we started last year, we’ll crown a “Master of Pwn” as the overall winner on Day Three.

As we do every year, the competition order was decided by random drawing in the contest room on the first day of the competition. This year’s event features 11 teams of contestants targeting products across four categories – 30 different attempts in total. Each contestant has three attempts within their allotted timeslot to demonstrate the exploit.

The full schedule for Day One is below (all times PDT). We will update this schedule with results as they become available.

Day One – March 15, 2017

10:00am – 360 Security (@mj011sec) targeting Adobe Reader
SUCCESS: The team used a jpeg2000 heap overflow in Adobe Reader, a Windows kernel info leak, and an RCE through an uninitialized buffer in the Windows kernel to take down Adobe Reader. In the process, they have earned themselves $50,000 USD and 6 points towards Master of Pwn.

11:30am – Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) targeting Apple Safari with an escalation to root on macOS
PARTIAL SUCCESS: In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.

1:00pm – Tencent Security – Team Ether targeting Microsoft Edge
SUCCESS: Tencent Security – Team Ether successfully exploited Microsoft Edge through an arbitrary write in Chakra core. They used a logic bug to escape the sandbox and earned themselves $80,000 and 10 points for Master of Pwn.

2:00pm – Chaitin Security Research Lab (@ChaitinTech) targeting Ubuntu Desktop
SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own with a Linux kernel heap out-of-bounds access. They earned themselves $15,000 and 3 Master of Pwn points.

3:30pm – Tencent Security – Team Ether targeting Microsoft Windows
WITHDRAW: The team has withdrawn this entry from the competition.

5:00pm – Ralf-Philipp Weinmann targeting Microsoft Edge with a SYSTEM-level escalation
WITHDRAW: The contestant has withdrawn this entry from the competition.

6:00pm – Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Google Chrome with a SYSTEM-level escalation
FAILURE: The team could not complete their exploit chain within the allotted time.

7:30pm – Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Adobe Reader
SUCCESS: Tencent Security – Team Sniper (Keen Lab and PC Mgr) used an info leak in Reader followed by a UAF to get code execution, then they leveraged a UAF in the kernel to gain SYSTEM-level privileges, winning $25,000 and 6 Master of Pwn points.

8:30pm – Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS
SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) successfully exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain, including an info disclosure in Safari, four different type confusion bugs in the browser, and a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.

10:00pm – Richard Zhu (fluorescence) targeting Apple Safari with an escalation to root on macOS
FAILURE: The contestant could not complete their exploit chain within the allotted time.

Due to the number of entries, the schedule for Day Two will not be available until after 5:00pm PDT today.
