Pwn2Own 2016 – Windows, OS X, Chrome, Edge, Safari All Hacked

Well, here’s some unsettling news …

The results of this year’s Pwn2Own security contest are in and things are not looking good for Windows and Apple OS X, the browsers Safari, Edge and Chrome, and Adobe Flash as they have all been pwned by participating security teams. Firefox was not part of the 2016 contest because it has not “made serious security improvements in the last year” according to Brian Gorenc, manager of Vulnerability Research at HPE, which sponsored the 2016 event together with TrendMicro.

Of the three web browsers that were attacked during the event, all three were exploited successfully by participating teams, often with the help of vulnerabilities in the operating systems they ran on, or Adobe Flash.

Pwn2Own 2016

pwn2own 2016

Google Chrome fared the best of the three as it was attacked twice by participants but exploited successfully only once. The successful attack did not count fully though as the vulnerability used to attack Chrome had been reported to Google already.

All attacks on Microsoft Edge and Apple Safari were successful. Participants attacked Edge twice and Safari thrice during the two days of the contest.

In addition to these attacks, vulnerabilities in operating systems and Adobe Flash were revealed as well.

Six new Microsoft Windows, five new Apple OS X and four new Adobe Flash vulnerabilities were disclosed during the event.

Interestingly enough, all successful attacks during the 2016 Pwn2Own event gave the attacker system or root privileges, something that has not happened before in previous years.

Trend Micro released two videos –one for each day of the contest — that summarized the attacks of each day and whether they have been successful.

Pwn2Own 2016 Day 1 Recap

Pwn2Own 2016 Day 2 Recap and Event Wrap-up

Companies have been informed about the vulnerabilities used during the contest, and it is likely that we will see patches be released shortly for at least some of them.

Closing Words

It is a bit unfortunate that Firefox and Linux were not included, but Firefox users, and users who use other browsers than the three that were included, may at least benefit from the newfound vulnerabilities in Microsoft Windows and Apple OS X, and if they use Adobe Flash, also in that program. (via Venturebeat)

Link to Original Content

Tags: , , , ,

Comments are closed.