The tenth meeting – contest hacker at Pwn2Own 2017 continues successfully. Products targeted by the teams included operating systems, programs web browsing, new Enterprise and server-side applications. The contest is run by Trend Micro Security and lasts for three days.
Adobe Reader, as well as Apache Web Server, were added to the contest by Pwn2Own 2017.
On the first day of Pwn2Own 2017, teams were able to successfully exploit vulnerabilities in Adobe Reader (twice), Apple Safari (twice), Microsoft Edge, and Ubuntu Desktop. Attacks against Google Chrome and Microsoft Windows have failed.
On the second day, the teams managed to hit Adobe Flash (twice), Microsoft Edge (twice), Apple Safari, Mac OS X, Mozilla Firefox, and Windows successfully this time.
Other attacks against Firefox, Windows, Microsoft Edge, Mac OS X, failed, and were blocked.
The third day is expected to see three additional efforts against the following goals: Microsoft Edge (twice), and VMWare Workstation.
Pwn2Own 2017 The results so far:
On the operating system side, three different platforms have been successfully compromised: Windows, Mac OS X, and Ubuntu Desktop.
On the side of browsers, Microsoft Edge, Firefox and Safari have been successfully compromised. An attempt against Chrome failed, and a second attack against Firefox also failed. Both Edge and Apple's Safari have been exploited many times.
On the application side now, Adobe, Flash Player and Reader products have been (unsurprisingly) successfully broken many times.
Surprisingly, it has been the many times of Edge's breach, which Microsoft mentions as the most secure browser.
Keep in mind that other Chromium-based browsers, such as Vivaldi or Opera, were not in the products that the teams chose to compete.
You can see videos with the results of the first day below.
Additional information for this year's Pwn2Own contest is available on the blog TrendMicro Zero Day Initiative.
