In less than 30 minutes, @RZ_fluorescence targets #Microsoft #Edge browser and includes a Windows EoP. Stay tuned for results. #Pwn2Own
— Zero Day Initiative (@thezdi) March 14, 2018
With a mere 1m 37s left on the clock, @RZ_fluorescence gets his #Edge exploit to work! Now off to the disclosure room for confirmation and vendor notification. pic.twitter.com/VeZ4FB3R0v
— Zero Day Initiative (@thezdi) March 14, 2018
Next up, @_niklasb targets #Oracle #VirtualBox. A successful attempt earns him $35K and 4 Master of Pwn points. #Pwn2Own #P2O
— Zero Day Initiative (@thezdi) March 14, 2018
Well that was quick! @_niklasb successfully popped not 1, but 3 calcs total. Now to the disclosure room for confirmation and vendor notification. pic.twitter.com/I3lXlY5e1A
— Zero Day Initiative (@thezdi) March 14, 2018
Next up: Samuel Groß (@5aelo) of phoenhex target Apple Safari with a macOS kernel EoP. Last year, his exploit included the touch bar. We'll see what he brings this year.
— Zero Day Initiative (@thezdi) March 14, 2018
Success! Samuel Groß (@5aelo) manages to pop calc and brings back his trademark touchbar finesse. Now off to the disclosure room for confirmation and vendor notification. pic.twitter.com/REQh1kHBjB
— Zero Day Initiative (@thezdi) March 14, 2018
Confirmed! @5aelo used a JIT optimization bug in the browser, a macOS logic bug, & a kernel overwrite to execute code to successfully exploit Apple Safari. This chain earned him $65K & 6 points Master of Pwn points. pic.twitter.com/iLfNFnXzzs
— Zero Day Initiative (@thezdi) March 15, 2018
Az 1. nap összefoglalója itt.
2. nap
A második napon 105 000 amerikai dollárnyi jutalom talált gazdára:
Starting soon - Richard Zhu (@RZ_fluorescence) targets Mozilla Firefox with a Windows kernel EoP.
— Zero Day Initiative (@thezdi) March 15, 2018
Boom! No drama for @RZ_fluorescence today as he takes down FireFox on his first attempt. Now off to the disclosure room for confirmation and vendor notification. pic.twitter.com/yoqU1FqfXI
— Zero Day Initiative (@thezdi) March 15, 2018
Next up, Markus Gaasedelen (@gaasedelen), Nick Burnett (@itszn13), and Patrick Biernat of @ret2systems targeting Apple Safari with a macOS kernel EoP. Their first attempt starts soon.
— Zero Day Initiative (@thezdi) March 15, 2018
The folks from @Ret2systems targeting Safari weren't able to complete their exploit in 3 attempts. While it worked on the 4th attempt, it still counts as a failure. Bugs were purchased & disclosed to Apple through our normal process. pic.twitter.com/rhGkBY06B2
— Zero Day Initiative (@thezdi) March 15, 2018
In our final attempt for #Pwn2Own 2018, MWR Labs - Alex Plaskett (@AlaxJPlaskett), Georgi Geshev (@munmap), Fabi Beterke (@pwnfl4k3s) - target #Apple #Safari with a sandbox escape. Starts at 2pm PDT.
— Zero Day Initiative (@thezdi) March 15, 2018
Confirmed! @mwrlabs leveraged a heap buffer underflow in the browser and an uninitialized stack variable in macOS to exploit #Safari and escape the sandbox. In doing so, they earned $55,000 and 5 Master of Pwn points. pic.twitter.com/75FRNueMWL
— Zero Day Initiative (@thezdi) March 15, 2018
A 2. nap összefoglalója itt.
A "torna" abszolút győztese és a dzseki tulajdonosa idén RZ_fluorescence lett:
Congrats to @RZ_fluorescence on being named Master of Pwn for #Pwn2Own 2018! His exploits for Edge and Firefox earned him $120,000, this sweet jacket, and the trophy. We hope he returns in the future to defend his title. pic.twitter.com/ljKhmjJrHn
— Zero Day Initiative (@thezdi) March 16, 2018
- A hozzászóláshoz be kell jelentkezni