On the first day of Pwn2Own Vancouver 2019, participants successfully hacked the Apple Safari browser, Oracle VirtualBox and VMware Workstation, earning a total of $240,000 in cash prizes.
The Fluoroacetate team targeted all three applications during Pwn2Own's first day, exploited every one of them, and made $160,000 in the process.
First, Apple's Safari went down, which they managed to hack through a bug in the JIT with a heap overflow to escape the sandbox, according to the Pwn2Own Vancouver 201
Then, they used "an integer underflow and a race condition to escape the virtual machine and pop calc on the underlying OS" as they targeted Oracle VirtualBox in the contest's virtualization category.
The last program they targeted was VMware Workstation, which also brought them a $70,000 prize after "exploiting a race condition that leads to an out-of-bounds write in the VMware client to execute their code on the host operating system."
Also on the first day, anhdad of STAR Labs won $35,000 after using an integer underflow in the Oracle VirtualBox client that allowed him to move from the client to the underlying operating system.
The Phoenhex & qwerty team was the only one who targeted Apple's Safari web browser, an effort that brought them a $45,000 prize for a kernel escalation leading to full system compromise, triggered by an exploit chain that used "a JIT bug followed by heap OOB read, then pivoted from root to kernel via a TOCTOU bug."
This was a partial win, since Apple already knew about one of the two bugs used to compromise the macOS operating system by attacking the Safari browser.
The full schedule and the results of each exploitation attempt are listed below:
| Schedule | Result |
|---|---|
| 10:00 – Fluoroacetate (Amat Cama and Richard Zhu) targeting Apple Safari plus a sandbox escape in the web browser category. | Success: The Fluoroacetate team used a bug in the JIT with a heap overflow to escape the sandbox. In doing so, they earned themselves $55,000 and 5 Master of Pwn points. |
| 11:30 – Fluoroacetate (Amat Cama and Richard Zhu) targeting Oracle VirtualBox in the virtualization category. | Success: The Fluoroacetate team returned with an integer underflow and a race condition to escape the virtual machine and pop calc on the underlying OS. They earned another $35,000 and 3 points towards Master of Pwn. |
| 13:00 – anhdad of STAR Labs targeting Oracle VirtualBox in the virtualization category. | Success: anhdad used an integer underflow in Oracle VirtualBox to move from the client to the underlying OS. |
| 14:30 – Fluoroacetate (Amat Cama and Richard Zhu) targeting VMware Workstation in the virtualization category. | Success: The Fluoroacetate duo finished their first day by exploiting a race condition that leads to an out-of-bounds write in the VMware client to execute their code on the host operating system. They earned another $70,000 and 7 more Master of Pwn points. |
| 16:00 – Phoenhex & qwerty (@_niklasb @qwertyoruiopz @bkth_) targeting Apple Safari with a kernel escalation in the browser category. | Partial success: The Phoenhex & qwerty team used a JIT bug followed by heap OOB read, then pivoted from root to kernel via a TOCTOU bug. It's a partial win since Apple already knew 1 of the bugs. They still won $45,000 and 4 points towards Master of Pwn. |
This year's edition of Pwn2Own is the first to also include an automotive category, with prizes that range from $35,000 to $300,000 depending on a number of factors, including the exploit used when trying to hack a Tesla Model 3 mid-range rear-wheel-drive vehicle.
According to the competition organizers, "the first successful researcher can also drive off in their brand new Model 3 after the competition ends."
The targets and available awards for the automotive category are listed below:
According to the Pwn2Own Vancouver 2019 schedule, competitors will try to exploit the Mozilla Firefox and Microsoft Edge browsers during the second day of the competition.
During the last day of this year's Pwn2Own hacking competition, the researchers will target the VCSEC component and the Chromium-based infotainment system of the Tesla Model 3 in the automotive category.