Welcome to Pwn2Own 2017 – the tenth anniversary of the competition and our largest Pwn2Own ever. This is also our largest contest ever with over $1,000,000 USD up for the taking – and continuing what we started last year, we’ll crown a “Master of Pwn” as the overall winner on Day Three.
As we do every year, the competition order was decided by random drawing in the contest room on the first day of the competition. This year’s event features 11 teams of contestants targeting products across four categories – 30 different attempts in total. Each contestant haves three attempts within their allotted timeslot to demonstrate the exploit.
The full schedule for Day One is below (all times PDT). We will update this schedule with results as they become available.
Day One – March 15, 2017
10:00am – 360 Security (@mj011sec) targeting Adobe Reader
SUCCESS: The team used a jpeg2000 heap overflow in Adobe Reader, a Windows kernel info leak, and an RCE through an uninitialized buffer in the Windows kernel to take down Adobe Reader. In the process, they have earned themselves $50,000 USD and 6 points towards Master of Pwn.
11:30am – Samuel Groß (@5aelo) and Niklas Baumstark (_niklasb) targeting Apple Safari with an escalation to root on macOS
PARTIAL SUCCESS: In a partial win, Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) earn some style points by leaving a special message on the touch bar of the Mac. They used a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate to root in macOS. They still managed to earn $28,000 USD and 9 Master of Pwn points.
1:00pm – Tencent Security – Team Ether targeting Microsoft Edge
SUCCESS: Tencent Security – Team Ether successfully exploits Microsoft edge through an arbitrary write in Chakra core. They used a logic bug to escape the sandbox and earn themselves $80,000 and 10 points for Master of Pwn.
2:00pm – Chaitin Security Research Lab (@ChaitinTech) targeting Ubuntu Desktop
SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) welcomes Ubuntu Linux to Pwn2Own with a Linux kernel heap out-of-bound access. They earned themselves $15,000 and 3 Master of Pwn points.
3:30pm – Tencent Security – Team Ether targeting Microsoft Windows
WITHDRAW: The team has withdrawn this entry from the competition.
5:00pm – Ralf-Philipp Weinmann targeting Microsoft Edge with a SYSTEM-level escalation
WITHDRAW: The contestant has withdrawn this entry from the competition.
6:00pm – Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Google Chrome with a SYSTEM-level escalation
FAILURE: The team could not complete their exploit chain within the allotted time.
7:30pm – Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Adobe Reader
SUCCESS: Tencent Security – Team Sniper (Keen Lab and PC Mgr) used an info leak in Reader followed by a UAF to get code execution, then they leveraged a UAF in the kernel to gain SYSTEM-level privileges, winning $25,000 and 6 Master of Pwn points.
8:30pm – Chaitin Security Research Lab (@ChaitinTech) targeting Apple Safari with an escalation to root on macOS
SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) successfuly exploited Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusions bugs in the browser, and an a UAF in WindowServer. This earned the team $35,000 and 11 points towards Master of Pwn.
10:00pm – Richard Zhu (fluorescence) targeting Apple Safari with an escalation to root on macOS
FAILURE: The contestant could not complete their exploit chain within the allotted time.
Due to the number of entries, the schedule for Day Two will not be available until after 5:00pm PDT today.