U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Major Browsers hacked at Pwn2Own hacking competition

At the  Pwn2Own hacking competition two researchers hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Safari. Two researchers on Thursday successfully hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, at the Pwn2Own, the annual hacking contest in Vancouver. In particular the Korean researcher […]

Major Browsers hacked at Pwn2Own hacking competition

At the  Pwn2Own hacking competition two researchers hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Safari.

Two researchers on Thursday successfully hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, at the Pwn2Own, the annual hacking contest in Vancouver.

In particular the Korean researcher Jung Hoon Lee earned $110,000 in just two minutes, the man used 2000 lines of code to take down both stable and beta versions of Chrome by exploiting a buffer overflow race condition in the browser.

pwn2own internet-explorer-hack

Lee also hacked in the same day a 64-bit version of IE 11 exploiting a time-of-check to time-of-use (TOCTOU) vulnerability. The flaw exploited between the time a file property is checked and the time the file is used, allowed the research a privilege escalation. Lee awesome, because he closed the day exploiting a use-after-free vulnerability to take down Safari browser.

In just one day, Lee earned about $ 225,000 hacking the main browser. GREAT JOB!

Lee isn’t the unique expert that demonstrated the vulnerability of principal browsers. A researcher operating under the pseudonym ilxu1a hacked Mozilla browser. The researchers discovered an out-of-bounds read/write vulnerability through static analysis and by exploiting it he obtained a medium-integrity code execution. The same exploit did not work for Chrome.

In the following list are reported the list of bugs discovered in the principal browsers during the Pwn2Own hacking competition hosted by HP’s Zero Day Initiative and Google’s Project Zero:

  • Microsoft Windows: 5 bugs
  • Microsoft IE 11: 4 bugs
  • Mozilla Firefox: 3 bugs
  • Adobe Reader: 3 bugs
  • Adobe Flash: 3 bugs
  • Apple Safari: 2 bugs
  • Google Chrome: 1 bug

The total amount of money paid to the researchers is $442,500 … I love the Pwn2Own competition because gives value to the knowledge and power to the research!

Pierluigi Paganini

(Security Affairs – browser, Pwn2Own )