Nytro Posted March 20, 2015 Report Posted March 20, 2015 Pwn2Own 2015: Day Two resultsDustin_Childs| March 19, 2015The second and final day of Pwn2Own 2015 saw successful exploits by both entrants against four products, with each going after multiple targets and collecting a total of $235,000. This brings the two-day payout total to $552,500, not including the value of the laptops, ZDI points, and other prizes given to winning researchers.Here’s the highlights of the day’s proceedings. ilxu1a started off Day Two by taking down Mozilla Firefox with an out-of-bounds read/write vulnerability leading to medium-integrity code execution. It happened so quickly that those of us who blinked missed it — although in our defense, it was sub-second execution. He reports he found the bug through static analysis, which is truly impressive. ilxu1a received $15,000 USD for the bug.For the first of his three targets, JungHoon Lee (lokihardt) took out 64-bit Internet Explorer 11 with a time-of-check to time-of-use (TOCTOU) vulnerability allowing for read/write privileges. He evaded all the defensive mechanisms by using a sandbox escape through privileged JavaScript injection, all of which resulted in medium-integrity code execution. This got his day started out right with a payout of $65,000 USD.Next, JungHoon Lee (lokihardt) demonstrated an exploit that affects both the stable and beta versions of Google Chrome. He leveraged a buffer overflow race condition in Chrome, then used an info leak and race condition in two Windows kernel drivers to get SYSTEM access. With all of this, lokihardt managed to get the single biggest payout of the competition, not to mention the single biggest payout in Pwn2Own history: $75,000 USD for the Chrome bug, an extra $25,000 for the privilege escalation to SYSTEM, and another $10,000 from Google for hitting the beta version for a grand total of $110,000. To put it another way, lokihardt earned roughly $916 a second for his two-minute demonstration. There are times when “Wow” just isn’t enough.For his final act of the competition, JungHoon Lee (lokihardt) took out Apple Safari using a use-after-free (UAF) vulnerability in an uninitialized stack pointer in the browser and bypassed the sandbox for code execution. That netted him another $50,000 USD and brought his daily total to $225,000. This is an amazing accomplishment for anyone, but it’s especially impressive considering he is an individual competitor rather than a team. Well done.The final entrant in Pwn2Own 2015, ilxu1a, attempted to exploit Google Chrome, but ran out of time before he could get his code working. He told us he was having issues with his info leak. While not a winner on this round, he has won twice before and showed some lovely research on the topic. I’m sure we’ll see him again.As with every Pwn2Own, all vulnerabilities were disclosed to their respective vendors in our “Chamber of Disclosures,” and each vendor is working to fix these bugs through their own processes.The final numbers for Pwn2Own 2015 are quite impressive:5 bugs in the Windows operating system4 bugs in Internet Explorer 113 bugs in Mozilla Firefox3 bugs in Adobe Reader3 bugs in Adobe Flash2 bugs in Apple Safari1 bug in Google Chrome$442,500 USD bounty paid out to researchersAgain, congratulations to all of this year’s champions. It was a great time for us, and we saw some amazing research throughout the contest. Thanks again to our co-sponsors at Google Project Zero.See you next year!Sursa: Pwn2Own 2015: Day Two results - HP Enterprise Business Community Quote
Guest Kronzy Posted March 20, 2015 Report Posted March 20, 2015 4 bugs in Internet Explorer 11 1 bug in Google Chrome Mda ,se vede diferenta ma mir ca nu au cautat si in linux ca sigur erau mai multe bug-uri ca in windows(linux kernel sucks) Quote
Kalashnikov. Posted March 20, 2015 Report Posted March 20, 2015 4 bugs in Internet Explorer 11 1 bug in Google Chrome Mda ,se vede diferenta ma mir ca nu au cautat si in linux ca sigur erau mai multe bug-uri ca in windows(linux kernel sucks)Argumenteaza te rog, mai exact aici linux kernel sucks , multumesc. Quote
dany_love Posted March 20, 2015 Report Posted March 20, 2015 Argumenteaza te rog, mai exact aici linux kernel sucks , multumesc.O fi incercat omu dx12 pe Kali si acum e suparat.xd Quote
Guest Kronzy Posted March 20, 2015 Report Posted March 20, 2015 Argumenteaza te rog, mai exact aici linux kernel sucks , multumesc.Pai pentru linux kernel sunt N exploit-uri , iar pentru windows kernel nu sunt "atat" de multe exploit-uri fiindca "windows kernel" ii mai securizat ca "linux kernel". Quote
Aerosol Posted March 20, 2015 Report Posted March 20, 2015 @Kronzy.https://rstforums.com/forum/97612-top-os-app-vulnerable-2014-a.rstCe mai ai de zis acum? Quote
Kalashnikov. Posted March 20, 2015 Report Posted March 20, 2015 Pai pentru linux kernel sunt N exploit-uri , iar pentru windows kernel nu sunt "atat" de multe exploit-uri fiindca "windows kernel" ii mai securizat ca "linux kernel".linux kernel = open sourcewindows kernel = ?????de asta sunt asa multe pe linux @Aerosol Ce mai ai de zis acum? pai si care din graficu ala arata exploiturile? Quote
haked Posted March 20, 2015 Report Posted March 20, 2015 Surprinzator dar voi abia acum realizati ca " linux kernel suck's"? Quote
Andrei Posted March 21, 2015 Report Posted March 21, 2015 (edited) Poate ar trebui sa vedem si cate din cele ~200 de vulnerabilitati de Windows (conform tabelui de mai sus) sunt patchuite, cate nu vor fi niciodata patchuite si cate au fost patchuite in mai putin de 3 luni comparativ cu kernelul de linux. De ce Linux Kernel indiferent de versiune e vazut ca unul singur in vreme ce Windows e impartit pe versiuni? Grow up, kids. Edited March 21, 2015 by Andrei Quote
