
Firefox, Edge, Safari, And Tesla Hacked At Pwn2Own 2019

Earlier this week, Pwn2Own Vancouver 2019 kicked off with participants from all around the world. This year was the first time in the contest’s history that it included an automotive category. The event was sponsored by Microsoft, VMware, and Tesla.

Over the course of three days, contestants took down a range of software and operating systems. Here they are one by one, along with the prize money for each hack:

Note: Each of these hacks was performed using a particular type of bug or exploit. You can refer to external resources like Wikipedia to learn about them in detail.

Safari

The Fluoroacetate team (the duo of Amat Cama and Richard Zhu) was able to successfully exploit Apple’s homegrown browser. The team bypassed the sandbox feature using integer overflow and heap overflow. Their brute force technique earned them a handsome $55,000 reward.

In another event, the phoenhex & qwerty team took down Safari with the help of kernel elevation. They triggered a JIT bug by browsing to their website and then tried to exploit a Time-of-Check-Time-of-Use (TOCTOU) bug. As Apple was already aware of one of the bugs, it was considered a partial win. However, the team ended up winning $45,000.

Mozilla Firefox

The Fluoroacetate team also targeted the Firefox web browser by exploiting a JIT bug. It was followed by an out-of-bounds write in the Windows kernel. Lastly, they visited a specially designed site and ended up winning $50,000.

Another attempt to hack Firefox was made by Niklas Baumstark, who also used a JIT bug and a logic bug to fool the sandbox. He was awarded $40,000 in prize money.

Microsoft Edge

In case you’re wondering, Fluoroacetate didn’t spare Microsoft’s Edge browser. They opened Edge via VMware Workstation and used an exploit to take down the underlying Windows host. This win earned them a massive $130,000 in prize money.

Edge was further targeted by Arthur Gerkis of Exodus Intelligence, who used a double free bug followed by a logic bug to avoid the sandbox. He won $50,000 in prize money.

Tesla

Last but not least, Tesla became the ultimate target of the prolific Fluoroacetate duo. They hacked a Tesla Model 3 by exploiting a JIT bug, and used its web browser to display their message. They earned $35,000 in prize money as well as that Tesla Model 3.

It’s worth noting that the Fluoroacetate team also dominated Pwn2Own Tokyo in the past. Over the course of three days, they earned $375,000 and the deserving title of Master of Pwn for 2019.

Regarding the exploits and bugs showcased at the event, all the details will be provided to the onsite companies to help them release their patches. After 90 days, the details of the bugs will be made public.
