Pwn2Own 2019 – Firefox, Edge, Windows, VMware Hacked – Ethical Hackers Earned $270,000 USD in Day 2

In the second day of Pwn2Own 2019 contest, Ethical Hackers compromised Microsoft Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.

The first day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware, and Virtualbox.

Initially, on second-day Fluoroacetate (Amat Cama and Richard Zhu) came back and target the Mozilla Firefox with a kernel escalation which comes under web browser category.

In this case, they took advantage of the vulnerability in JIT along with an out-of-bounds write in the Windows kernel, for that they earned $50,000 and 5 Master of Pwn points.

Fluoroacetate team again come back to targeting the Microsoft Edge with a kernel escalation and a VMware escape which comes under web browser category.

According to ZDI, The Fluoroacetate team used a combination of a type confusion in Edge, a race condition in the kernel, and finally, a out-of-bounds write in VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130,000 plus 13 Master of Pwn points.

Richard Zhu and Amat Cama demonstrate their Firefox exploit

Another Independent researcher Niklas Baumstark targeting Mozilla Firefox with a sandbox escape and he successfully demonstrate the JIT bug in Firefox, for that he earned $40,000 and 4 Master of Pwn points.

Niklas Baumstark targets Mozilla Firefox along with a sandbox escape

Finally, Ethical hacker Arthur Gerkis targeting Microsoft Edge with a sandbox escape as a final attempt of the day.

He used a double free in the render and logic bug to bypass the sandbox and earned him $50,000 and 5 points towards Master of Pwn.

End of the second day ZDI rewarded $270,000 for 9 unique zero day. so totally $510,000 has been reward in first 2 days.

3rd and Final day, tomorrow when ZDI debut the automotive category with the two final entries of Pwn2Own. please Stay tuned. We will update the 3 rd day result tomorrow.

Also, you can take this complete online Course Bundle if you want to learn Mastery Web Hacking & Bug Bounty

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Threat Actor Leaks Data from Major Bulletproof Hosting Provider Medialand

A threat actor disclosed internal data from Medialand, a prominent bulletproof hosting (BPH) provider long…

1 hour ago

Morphing Meerkat: A PhaaS Utilizing DNS Reconnaissance to Generate Targeted Phishing Pages

Originally discovered in 2020 as a Phishing-as-a-Service (PhaaS) platform, Morphing Meerkat has since evolved into…

1 hour ago

Hackers Abuse Windows .RDP Files to Launch Unauthorized Remote Desktop Sessions

The Google Threat Intelligence Group (GTIG) has unearthed a novel phishing campaign leveraging Windows Remote…

1 hour ago

Linux 6.15-rc1 Released: Better Drivers, Faster Performance

The Linux kernel community has witnessed another milestone with the release of Linux 6.15-rc1, the…

2 hours ago

Google Patches Actively Exploited Android 0-Day Vulnerability

Google has issued critical security updates to address a recently discovered zero-day vulnerability actively exploited…

2 hours ago

Kellogg’s Servers Breached, Hackers Steal Sensitive Data

WK Kellogg Co., one of the world's leading cereal and snack manufacturers, has fallen victim…

3 hours ago