Fully patched versions of Firefox, Chrome, IE 11 and Safari exploited at Pwn2Own hacking competition

Shawn Knight


As in years past, the latest patched versions of the most popular web browsers around stood little chance against those competing in the annual Pwn2Own hacking competition. The usual suspects – Apple Safari, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer – all went down during the two-day competition, earning researchers a collective total of $557,500 in prize money.

The event, which took place at the CanSecWest conference in Vancouver, was sponsored by the Hewlett-Packard Zero Day Initiative. During the first day, HP awarded $317,500 to researchers who exploited flaws in Adobe Flash, Adobe Reader, Internet Explorer and Firefox.

eWeek notes that the first reward, paid to a hacker by the name of ilxu1a, was for an out-of-bounds memory vulnerability in Firefox. The exploit took less than a second to execute and earned him a cool $15,000.

Firefox was exploited twice during the event. Daniel Veditz, principal security engineer at Mozilla, said the foundation was on hand during the event to get the bug details from HP. Engineers are already working on a fix back at home, he added, that could be ready as early as today.

Another security researcher, JungHoon Lee, managed to demonstrate exploits against Chrome, IE 11 and Safari. As you can imagine, he walked away with quite a bit of money: $75,000 for the Chrome bug, $65,000 for IE and $50,000 for the Safari vulnerability. He also received two bonuses totaling $35,000.


 
This is one truly great event in the industry, thumbs up, so useful to everyone, except to the hackers who didn't participate.

I wish I could say it was 100% pure, without any shady agenda, but I would be lying, since hackers expose themselves, they all get into CIA and FBI books for good.
 
Why find a real job? That's too much like hard work. This is a great way to make a living, and it's legal too.
It's a perfectly real job, and very respectable too.
I was being sarcastic for a change ;) but I have to agree, if you have the talent why not get paid for it, it is legit after all. Not everybody has the skills to do something like this and it's because of them our browsers are safer. :D
 
$225,000 for hacking and finding vulnerabilities?! That is insane! I bet 90% of that money went to Flash exploits :D. Imagine if Java was there :p--they would be giving away billions lmao.
 
I'm not a hacker myself, but I imagine these are some pretty technical people who are putting an awful lot of effort into this - so (black) hats off to them for earning some money and highlighting issues which can then be fixed before somebody less legitimate finds them.
 
This is like saying become a rockstar instead of getting a real job. It isn't easy to become the best.
 