Home Uncategories Pwn2Own: Fast Recap
at

Pwn2Own: Fast Recap

Add Comment Edit

Pwn2Own  Out of many attempts , those were successful .

 one was partially successful and one failed. A total of 15 new vulnerabilities
were demonstrated and information passed on to the vendors so they can address them appropriately.
In addition, the DVLabs team worked directly with the researchers to identify the information needed to create filters for the Digital Vaccine.
This filter set will be available this Tuesday March 22, 2016 and provides exclusive protection for our TippingPoint customers against 



Some Details : 
  1. JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.
  2. 360Vulcan Team: Demonstrated a successful code execution attack against Adobe Flash using a Flash confusion bug with use-after-free vulnerability in the Windows Kernel to run code in the SYSTEM context. This demonstration earned 13 Master of Pwn points and US$80,000.
  3. Tencent Security Team Shield (PC Manager and KeenLab): Demonstrated a successful code execution attack against Apple Safari to gain root privileges using two use-after-free vulnerabilities, one in Safari and the other in a privileged process. This demonstration earned 10 Master of Pwn points and US$40,000.
  4. 360Vulcan Team: Demonstrated a successful code execution attack against Google Chrome in the SYSTEM context. The attack used four vulnerabilities: two use-after-free vulnerabilities in Adobe Flash, one use-after-free vulnerability in the Windows Kernel and an out-of-bounds vulnerability in Google Chrome. This was a partial win due to the Google Chrome vulnerability being a duplicate of a previous, independent report to Google. This demonstration earned 12 Master of Pwn points and US$52,500.
  5. Tencent Security Team Sniper (KeenLab and PC Manager): Demonstrated a successful code execution attack against an out-of-bounds vulnerability in Adobe Flash that use an infoleak vulnerability and a use-after-free vulnerability in the Windows Kernel to achieve SYSTEM context. This demonstration earned 13 Master of Pwn points and US$50,000.
  6. Tencent Xuanwu Lab: Adobe Flash in Microsoft Edge: This attempt failed.

Share this:

CONVERSATION

0 comments:

Post a Comment

Subscribe to: Post Comments ( Atom )