Published on March 20th, 2016 📆 | 2592 Views ⚑0
Pwn2own 2016 day 1: Hackers expose issues with Google Chrome, Apple Safari and Adobe Reader
Hackers at Pwn2own, the annual browser-hacking competition in Vancouver, Canada, have successfully unveiled new security flaws in Google Chrome, Apple Safari and Adobe Reader, among others, taking home around $282,500 (£195,300).
The 2016 Pwn2own event is being sponsored by Hewlett Packard and Trend Micro. The event is held each year, with leading tech giants like Google, Apple and others in attendance, encouraging researchers and hackers to actually attempt to hack into their browsers.
Commenting on the flaws uncovered, Trend Micro's Global Threat Communications manager Christopher Budd said, "The [Windows] kernel vulnerability was a use-after-free vulnerability. They successfully chained both of these to compromise the target at the system level. One of the vulnerabilities was in Safari, the other three were vulnerabilities within Mac OS X."
Hackers unveiled vulnerabilities within Mac OS X, Windows 10, Chrome, Safari and Adobe. A group of hackers called the 360Vulcan Team won $132,500 after hacking into Adobe and Chrome and exposing vulnerabilities. The team exposed a issues in Windows Kernel and an out-of-bounds vulnerability within Chrome.
JungHoon Lee, an independent security researcher won $60,000 after exploiting Apple's Safari and exposing several vulnerabilities in the tech firm's OS X desktop software. One of the three teams of Chinese firm Tencent's, Shield, uncovered new vulnerabilities within Apple's Safari, which led them to winning $40,000. Further, Tencent's Team Sniper successfully targeted and exploited Flash, winning the team a $50,000 award.
Day two of the event will involve Team Sniper taking yet another aim at Safari, while Lee is slated to take on both Chrome and Microsoft's Edge browser, according to a report .
The event is advantageous to both hackers and tech companies, as it provides the former with a chance to showcase their talent and the latter with the information required to tighten security flaws in their products.