Recent PWNFEST sends Google and Apple back to Basics — Hackers pwned Google Pixel and Apple Safari browser — Before this, the same hackers hacked Microsoft Edge and VMware all in few seconds.
PWNFEST is an event organized in Seoul, South Korea where teams of white-hat hackers come to compete for cash prizes. The prizes are conditional upon finding a vulnerability in the latest software and devices developed by various tech firms.
Yesterday we reported how Chinese and South Korean group of hackers hacked Microsoft Edge and VMware. This time the participants gave a hard time to tech giants Google and Apple after working out an exploit in their latest products, Google Pixel and Safari on MacOS Sierra respectively.
Google Pixel hacked under 60 seconds
A team by the name of Qihoo 360 from South Korea managed to break into Google Pixel Android smartphone within just a minute. Qihoo 360 demonstrated an exploit that allowed hackers to conduct remote code execution attack on the Pixel. The attack launched Google Play Store and then the mobile version of Google Chrome before showing a deface message that read “Pwned by 360 Alpha Team.”
As a result, the team bagged in the cash prize of $120,000 for discovering the vulnerability. Additionally, it also found out certain weaknesses in Microsoft Edge – the latest Windows 10 Internet Browser – along with Adobe Flash. A total of $520k went to Qihoo 360.
Apple Safari hacked in 20 seconds
Just like Qihoo 360, a team by the name of Pangu along with JH from China managed to hack into Safari running on MacOS Sierra in just 20 seconds. The hack resulted in gaining them root access to the app. Pangu was also able to successfully jailbreak the latest version of iOS.
— vangelis (@vangelis_at_POC) November 11, 2016
The endeavor led the teams winning a total of $100k at PWNFEST. As for Apple, Microsoft and Google, they all have embarked on the mission to fix these vulnerabilities as soon as possible before any unauthorized access takes place. Currently, the details about the exploits haven’t been made public but the platform owners and vendors have been informed about them.