Pwn2Own all browsers vulnerable except Safari for Mac OS X

On this year of Pwn2Own at CanSecWest the security researches managed to take down most of the successful browser.

Security researchers managed to ‘pwn’ Microsoft Internet Explorer, Google Chrome, Firefox from Mozilla.

But that is not the end of it; they also managed to compromise java from Oracle, Adobe Flash Player and Adobe reader too bagging a lot of cash prizes.

 

Pwn2Own is a competition that is held every year in which competitors try to bring a device down or ‘pwn’ it using any previously unknown vulnerability.

The winner not only gets the device but also earns cash prizes.

 

The prizes earned this year by all of the contestants totaled to a $480,000 that included the hardware they managed to compromise and the rewards by HP Zero Day Initiative, which is program for rewarding those security researchers who disclose any vulnerability responsibly.

This year was a big win for French based security company VUPEN who earned themselves $70,000. They managed to comprise

 

·       Internet Explorer on Windows 8

·       Mozilla Firefox 19 on Windows 7

·       Java 7 on Windows 7

·       Adobe Flash Player

They also exploited Java by teaming up with Joshua Drake of Accuvant, independent researchers Ben Murphy, and James Foreshaw of Context Information Security. 

Other winners were George Hotz who compromised Adobe Reader and MWR researcher Nils and Jon Butler brought down Google Chrome to its knees.

 

The only browser that was able to stand against all the attacks was the Apple Safari running on a Mac OS X Mountain Lion.

Chrome is most hard hit because of its sandbox while Java has such a diverse codebase that makes it the easiest target to be exploited.

The participants brought down most of the browsers by using mostly their plug-in based issues. And all of the successful exploits were bought by HP Zero Day Initiative.

 

After the Pwn2Own most of the companies are busy in patching up their browsers.

Mozilla fixed the vulnerability that lead Firefox 19 get pwned by personnel of VUPEN Security. Similarly Google updated the latest chrome fixing flaws that gave MWR labs team a window of opportunity.  

Adobe did issued updates for Adobe Flash Player but surprisingly not the flaws discovered at Pwn2Own.

 

“The connection found in the discovered vulnerabilities & web browser IT security is a real complex challenge that will not improve in the short future."  explains Tim Erlin.