Security Affairs
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Pwn2Own 2019 Day 2 – Hackers earned $270,000 for Firefox, Edge hacks

On the second day of the Pwn2Own 2019 hacking competition, white hat hackers earned a total of $270,000 for exploits against the Mozilla Firefox and Microsoft Edge web browsers. Day 2 at Pwn2Own 2019 hacking competition – White hat hackers earned $270,000 for exploits against the Mozilla Firefox and Microsoft Edge browsers. The security duo […]

VMware Pwn2Own 2019

On the second day of the Pwn2Own 2019 hacking competition, white hat hackers earned a total of $270,000 for exploits against the Mozilla Firefox and Microsoft Edge web browsers.

Day 2 at Pwn2Own 2019 hacking competition – White hat hackers earned $270,000 for exploits against the Mozilla Firefox and Microsoft Edge browsers.

The security duo Amat Cama and Richard Zhu of team Fluoroacetate earned $50,000 for a Firefox exploit with kernel escalation. The experts chained a just-in-time (JIT) bug and an out-of-bounds write flaw in the Windows kernel.

“They were able to execute code at SYSTEM level just by using Firefox to visit their specially crafted website,” reads the post published by the Zero Day Initiative (ZDI). “The effort earned them another $50,000 and five more points towards Master of Pwn.”

Pwn2Own 2019

Amat Cama and Richard Zhu also earned $130,000 and 13 Master of Pwn points for a complex Edge hack that chained a race condition in the kernel to escalate privilege and an out-of-bounds write issue in VMware Workstation to escape the sandbox. The duo demonstrated that an attacker can exploit the bug in the web browser running in a virtual machine to execute arbitrary code on the host operating system.

The two experts already have racked up a total of $340,000 in the first teo days.

The second day of Pwn2Own 2019 sees Niklas Baumstark (@_niklasb) earning $40,000 and 4 Master of Pwn points for a JIT bug in Firefox and a logic flaw that allowed a sandbox escape.

“In a real-world scenario, an attacker could use this to run their code on a target system at the level of the logged-on user. The successful demonstration earned him $40,000 and 4 Master of Pwn points.” continues the post.

The last hack of the day was demonstrated by Arthur Gerkis of Exodus Intelligence that earned $50,000 for a Microsoft Edge exploit with a sandbox escape. The exploit leverages a double-free bug in the render component and a logic bug for bypassing the sandbox.

If you are interested in exploits demonstrated in the first day of the
Pwn2Own 2019 read here.

During the first day, participants hacked Apple Safari browser, Oracle VirtualBox and VMware Workstation.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Pwn2Own 2019 , hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]