Pwn2Own 2019 - Firefox, Edge, Windows, VMWare Hacked

In the second day of Pwn2Own 2019 contest, Ethical Hackers compromised Microsoft Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.

The first day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware, and Virtualbox.

Initially, on second-day Fluoroacetate (Amat Cama and Richard Zhu) came back and target the Mozilla Firefox with a kernel escalation which comes under web browser category.

In this case, they took advantage of the vulnerability in JIT along with an out-of-bounds write in the Windows kernel, for that they earned $50,000 and 5 Master of Pwn points.

Fluoroacetate team again come back to targeting the Microsoft Edge with a kernel escalation and a VMware escape which comes under web browser category.

According to ZDI, The Fluoroacetate team used a combination of a type confusion in Edge, a race condition in the kernel, and finally, a out-of-bounds write in VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130,000 plus 13 Master of Pwn points.

The @fluoroacetate duo does it again. They used a type confusion in #Edge, a race condition in the kernel, then an out-of-bounds write in #VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130K plus 13 Master of Pwn points. pic.twitter.com/mD13kozJLv
— Zero Day Initiative (@thezdi) March 21, 2019

*Richard Zhu and Amat Cama demonstrate **their** Firefox exploit*

Another Independent researcher Niklas Baumstark targeting Mozilla Firefox with a sandbox escape and he successfully demonstrate the JIT bug in Firefox, for that he earned $40,000 and 4 Master of Pwn points.

*Niklas Baumstark targets Mozilla Firefox along with a sandbox escape*

Success! @_niklasb was able to exploit #Firefox and perform his sandbox escape. Now off to the disclosure room for all the details of the bugs used.
— Zero Day Initiative (@thezdi) March 21, 2019

Finally, Ethical hacker Arthur Gerkis targeting Microsoft Edge with a sandbox escape as a final attempt of the day.

He used a double free in the render and logic bug to bypass the sandbox and earned him $50,000 and 5 points towards Master of Pwn.

*Arthur Gerkis of Exodus Intelligence demonstrates his Microsoft Edge exploit*

End of the second day ZDI rewarded $270,000 for 9 unique zero day. so totally $510,000 has been reward in first 2 days.

The results from #Pwn2Own Day Two are here. We awarded $270,000 for 9 different bugs in Mozilla #Firefox, Microsoft #Edge & #Windows, and #VMware Workstation. Read the details at https://t.co/2sO1Vz3qV1 #cansecwest
— Zero Day Initiative (@thezdi) March 22, 2019

3rd and Final day, tomorrow when ZDI debut the automotive category with the two final entries of Pwn2Own. please Stay tuned. We will update the 3 rd day result tomorrow.

Also, you can take this complete online Course Bundle if you want to learn Mastery Web Hacking & Bug Bounty

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Pwn2Own 2019 – Firefox, Edge, Windows, VMware Hacked – Ethical Hackers Earned $270,000 USD in Day 2

Latest articles

API Attack Simulation Webinar

Live API Attack Simulation

Related Articles

Connect with GBHackers On Security

Join 70,000 Security Professionals

Menu

Contact US: