
Hackers pwn Edge, Firefox, Safari, macOS, & VirtualBox at Pwn2Own 2018

March 20th, 2018 | By Waqas | Hacking News, Security

The white hat hackers at Pwn2Own 2018 have once again proved their elite skills and exposed critical security vulnerabilities in products developed by popular vendors like Apple, Microsoft, Mozilla, and Oracle.

Pwn2Own 2018 was organized by cybersecurity giant Trend Micro’s Zero Day Initiative at CanSecWest in Vancouver, BC, where hackers from all over the world took part to exploit zero-day flaws in products developed by the aforementioned vendors.

On the first day (March 14th, 2018) of Pwn2Own 2018, whitehat hacker Richard Zhu, who goes by the online handle fluorescence, targeted Apple’s Safari browser with a sandbox escape but failed to achieve the target within the 30 minutes of allotted time. However, upon targeting Microsoft’s Edge browser by exploiting two use-after-free security flaws, Zhu managed to hack the browser and earn $70,000.

On the same day, another whitehat hacker, Niklas from the phoenhex team, targeted Oracle VirtualBox using an out-of-bounds (OOB) read and a time-of-check to time-of-use (TOCTOU) bug, an attempt that turned out to be partially successful. Niklas earned $27,000 for his effort.

Another whitehat hacker, Samuel Groß from the phoenhex team, successfully exploited the Apple Safari browser using a JIT optimization bug in the browser, a macOS logic bug, and a kernel overwrite to execute code. For his successful hack, he earned $65,000.

Confirmed! @5aelo used a JIT optimization bug in the browser, a macOS logic bug, & a kernel overwrite to execute code to successfully exploit Apple Safari. This chain earned him $65K & 6 points Master of Pwn points. pic.twitter.com/iLfNFnXzzs

— Zero Day Initiative (@thezdi) March 15, 2018

On day two (March 15, 2018), Richard Zhu made a comeback by hacking the Firefox browser, using an out-of-bounds read vulnerability and an integer overflow in the Windows kernel to pop Firefox and execute his code with elevated privileges.

For hacking Firefox, Zhu received a whopping $50,000 in prize money as well as the Master of Pwn award. In total, Zhu earned $120,000 from his Microsoft Edge and Firefox browser hacks.

Congrats to @RZ_fluorescence on being named Master of Pwn for #Pwn2Own 2018! His exploits for Edge and Firefox earned him $120,000, this sweet jacket, and the trophy. We hope he returns in the future to defend his title. pic.twitter.com/ljKhmjJrHn

— Zero Day Initiative (@thezdi) March 16, 2018

Then came Markus Gaasedelen, Nick Burnett and Patrick Biernat of Ret2 Systems, Inc., who targeted Apple Safari with a macOS kernel EoP. However, according to Pwn2Own rules, hackers must demonstrate a successful hack within three attempts, and in this case the team was only able to do so on the fourth attempt.

Ret2 Systems could not win any prize money, but Pwn2Own purchased the bugs and disclosed them to Apple through its normal process.

The last team to try their luck at Pwn2Own was MWR Labs whose hackers Alex Plaskett, Georgi Geshev, and Fabi Beterke targeted Apple Safari with a sandbox escape. The team leveraged a heap buffer underflow in the browser and an uninitialized stack variable in macOS to exploit Safari and escape the sandbox. In doing so, they earned $55,000 and 5 Master of Pwn points.

In total, organizers awarded $267,000 over the two-day contest, while hackers discovered one Mozilla bug, two Oracle bugs, four Microsoft bugs and five Apple bugs. In the next step, the organizers will reach out to the targeted vendors with the security flaws discovered during Pwn2Own 2018.
