That's it Pwn2Own 2014, one event you are doing these days along with CanSecWest at Vancouver, he began. the point is how it started. From day one the contestants revealed vulnerable σημεία στο Safari, το Firefox,τον Internet Explorer, και κλασικά στο Adobe Flash και Reader.
Rewards for discovering vulnerabilities from day one have reached $ 400,000. Most of this money went to a French research firm VUPEN. The company's researchers managed to discover a total of four vulnerabilities.
They discovered one use-after-free on its sandbox Internet Explorer. THE vulnerability μπορεί να χρησιμοποιηθεί για την εκτέλεση αυθαίρετου κώδικα. Ένα Overflow with PDF in the Adobe reader sandbox can also be used to execute malicious code.
VUPEN experts also presented one use-after-free which can act as a lever to execute malicious code in Firefox. Additionally they managed to bypass the Internet Explorer 11 sandbox of their Windows 8.1 with a vulnerability use-after-free causing object confusion at the broker
VUPEN researchers received a total of $ 300,000.
Researchers Jüri Aedla and Mariusz Mlynski managed to hack Firefox. Aedla discovered one out-of-bound read / write can be used to run malicious code
Mlynski discovered two security gaps : a privilege escalation flaw that could be exploited to bypass browser security measures. Each of the experts got $50.000.
The organizing initiative belongs to TippingPoint Zero Day Initiative (ZDI) and Google, which, as co-sponsor of Pwn2Own 2014, took part in Pwn4Fun. Experts from Google and ZDi presented their own exploitsAnd all the proceeds to be made available for the Red Cross of Canada.
"At Pwn4Fun, Google presented a very impressive exploit for Apple's Safari. The exploit runs it Safari launching Calculator as a root on Mac OS X. ZDi has multiplied exploits, including a flexible bypass of the Internet Explorer sandbox, ”said the contest organizers.
82.500 dollars will be available on the Red Cross of Canada.
