Pwn2Own 2019 - Firefox, Edge, Windows, VMWare Hacked

Dinesh Vishwakarma

Pwn2Own 2019 – Firefox, Edge, Windows, VMware Hacked – Ethical Hackers Earned $270,000 USD in Day 2[br][br][img src="/storage/emulated/0/Download/Pwn2Own-2019--1.jpg"][br][br]In the second day of Pwn2Own 2019 contest, Ethical Hackers compromised Microsoft Edge, Mozilla Firefox, Windows, VMware and earned $270,000 USD in a single day by submitting 9 unique zero-day exploits.[br][br]The first[a href="https://gbhackers.com/pwn2own-2019-ethical-hackers/"] [/a]day, 2 teams of researchers and 2 independent researchers have been made $240,000 USD by reporting 9 zero-day bugs in Safari, VMware, and Virtualbox.[br][br]Initially, on second-day Fluoroacetate[a href="https://twitter.com/fluoroacetate"] [/a](Amat Cama and Richard Zhu) came back and target the Mozilla Firefox with a kernel escalation which comes under web browser category.[br][br]In this case, they took advantage of the vulnerability in HIT[a href="https://en.wikipedia.org/wiki/JIT_spraying"] [/a]along with an out-of-bounds write in the Windows kernel, for that they earned $50,000 and 5 Master of Pwn points.[br][br]Fluoroacetate team again come back to targeting the Microsoft Edge with a kernel escalation and a VMware escape which comes under web browser category.[br][br]According to EDIT, The Fluoroacetate team used a combination of a type confusion in Edge, a race condition in the kernel, and finally, a out-of-bounds write in VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130,000 plus 13 Master of Pwn points.[br][br][img src="/storage/emulated/0/Download/sddefault.jpg"][br][br]Another Independent researcher Niklas[a href="https://twitter.com/_niklasb"] [/a]Baumstark targeting Mozilla Firefox with a sandbox escape and he successfully demonstrate the JIT bug in Firefox, for that he earned $40,000 and 4 Master of Pwn points.[br][br]Finally, Ethical hacker Arthur[a href="https://twitter.com/ax330d"] [/a]Gerkis targeting Microsoft Edge with a sandbox escape as a final attempt of the day.[br][br]He used a double free in the render and logic bug to bypass the sandbox and earned him $50,000 and 5 points towards Master of Pwn.[br][br]Arthur Gerkis of Exodus Intelligence demonstrates his Microsoft Edge exploit[br][br]End of the second day ZDI rewarded $270,000 for 9 unique zero day. so totally $510,000 has been reward in first 2 days.[br][br]3rd and Final day, tomorrow when ZDI debut the automotive category with the two final entries of Pwn2Own. please Stay tuned. We will update the 3 rd day result tomorrow.[br][br]