Pwn2Own day1: Edge, Safari, Adobe Reader, Ubuntu

Hackers combined the heap overflow with a Windows kernel information leak and a remote code execution vulnerability in the Windows kernel to earn $50,000.

The attack would be the first of two to be carried out against Reader on the day. Later in the afternoon hackers working with Tencent Security used an info leak bug and a use-after-free bug to achieve code execution. They followed that up with leveraging another use-after-free in the kernel to gain SYSTEM-level privileges, earning $25K.

Another group of hackers working with Tencent, Team Ether, broke Microsoft Edge earlier in the day. The bug they found earned the group the largest payout of the day, $80,000 and was tied to an arbitrary write in Chakra core and a logic bug that escaped the sandbox.

The Linux bug was a heap out-of-bound access bug in the Linux kernel which earned the group $15,000.

The Safari bug was a little more involved. The group had to chain together six different bugs, including an information disclosure in Safari, four different type confusion bugs in the browser, and a use-after-free in WindowServer – a component that manages requests between OS X apps and the machine’s graphics hardware – to carry it out. The group was able to achieve root access on macOS through the exploit and earn $35,000.

Two groups withdrew attacks planned against Windows and Edge on Wednesday, mounting speculation over whether Microsoft’s delayed Patch Tuesday updates broke attack vectors the entrants were planning on using.

Given the large number of entrants – 17 – the competition’s sponsors, Trend Micro and Zero Day Initiative, are splitting Pwn2Own’s second day into two tracks. Attacks against Mozilla’s Firefox, both Microsoft Windows and Edge, Apple’s macOS and Safari, and Adobe Flash are on tap for Thursday.

https://threatpost.com/hackers-take-down-reader-safari-edge-ubuntu-linu…