Pwn2Own 2015 pwns major software titles

One of my favorite yearly security conferences is the Pwn2Own competition. In its humble beginnings, security researchers faced off against fully up-to-date laptops running Linux, Mac OS X, and Windows. The goal of the white hats was to demonstrate a zero-day security vulnerability that no one had seen before. Originally, the prize for pulling off this feat was the hardware itself. Today, many pieces of that original competition remain, but now there is a truckload of money to be won, too.

Happily, the Pwn2Own competition has avoided becoming focused on a specific vendor. Charlie Miller, for example, repeatedly demonstrated his skill at picking apart OS X, Safari, and iOS to the world. No operating system, browser, or application is safe at Pwn2Own, and that's an important lesson for computing.

This year's competition saw the biggest prize bounties ever, including a Chrome exploit from JungHoon Lee (lokihardt) that broke free of the browser's sandbox and then chained into a privilege escalation in Windows to gain system-level control over the box. This chain of exploits worked against both Chrome stable and beta, and it netted Lee $110,000 for an attack that took a mere two minutes to demonstrate.

In total, the two days of the competition unearthed:

Five bugs in Windows
Four bugs in IE11
Three bugs in Adobe Flash
Three bugs in Adobe Reader
Three bugs in Firefox
Two bugs in Safari
One bug in Chrome

This collection resulted in a total payout of $557,500 awarded to the winning participants. That figure might have gone higher, but one participant ran out of time to complete his demonstration of another exploit in Chrome.

Operating systems and browsers continue to try to make security holes less common and more contained. These measures are forcing the bad guys to chain multiple exploits together, thus increasing development time. Still, the Pwn2Own contest shows just how clever and successful a determined attacker can be.
