Pwn2Own 2013 is being held in Canada as a part of the CanSecWest conference. As expected, all major browsers have been broken by the contestants.
Security researchers from MWR Labs demonstrated a full sandbox bypass exploit against the latest stable version of Google Chrome.
“By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges,” MWR Labs representatives wrote.
French security firm VUPEN announced that they have broken Internet Explorer 10 on Windows 8, Firefox 19 on Windows 7, and Java.
“We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass,” VUPEN wrote on Twitter.
“We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP,” the company said again after two hours.
Josh Drake of Accuvant Labs and James Forshaw of Contextis was also successful in breaking Java.
Pwn2own 2013 has come with more than $560,000 in prize money for finding vulnerabilities and demonstrations of exploits in the major web browsers, Adobe Reader, Adobe Flash or Java.
Teams are stilll trying to crack more version of browsers and famous George Hotz is taking a crack at Adobe Reader. We will update all exciting news from pwn2Own 2013.
For all latest updates, subscribe Techlomedia.
