Search This Blog

Saturday, 21 March 2015

No Browser is safe : Chrome, Firefox, Internet Explorer, Safari all hacked at Pwn2Own contest

#Pwn2Own Chinese team cracks Internet Explorer in 11 seconds flat, other top browser fall to ethical hackers

In current cyber security scenario, hackers once again proved that there is no such thing as a secure browser. Security researchers, ethical hackers and bug bounty hunter who participated in the Pwn2Own hacking contest this week successfully demonstrated remote code execution exploits against Chrome, Internet Explorer, Firefox and Safari. They also hacked the ever willing hack candidate, Adobe Reader and Flash Player plug-ins.
Pwn2Own is a popular yearly hacking contest and this years contest was organized in Vancouver, Canada this week. The Pwn2own was dominated by the Chinese hacking team as they successfully “broke” Internet Explorer 11 in only 17 seconds and created a world record of sorts. The team called 360Vulcan sadly failed to capture the unicorn prize of the contest but became centre of attention among the competitors and organizers.
The Internet Explorer 11  was put ahead of all browsers by the organizers because it is protected with enhanced sandbox, a full 64 bit process, EMET (Microsoft’s Enhanced Mitigation Experience Toolkit), the security mechanisms of Windows 8.1  but  360Vulcan team managed to bypass all these measures and hack Internet Explorer within 17 seconds, which is remarkable.
On Thursday, South Korean security researcher and serial browser hacker JungHoon Lee, known online as lokihardt walked away with US$225,000 in prize money and new laptop for exploiting Internet Explorer 11 and Google Chrome on Windows, Safari on Mac OS X.
Another researcher who’s online handle is ilxu1a popped Mozilla Firefox on Windows for a $15,000 prize. Mozilla’s Firefox was also hacked by Mariusz Mlynski by leveraging a Windows flaw to gain SYSTEM privileges, earning him a $25,000 bonus on top of the standard $30,000 payout for the Firefox hack.
The Pwn2Own contest is sponsored by Hewlett-Packard’s Zero Day Initiative program and pits security researchers, ethical hackers and bug bounty hunters against the 64-bit versions of the top browsers in the world. This years Pwn2Own listed following successful hack candidates :
Five flaws in the Windows OS
Four in Internet Explorer 11
Three each in Mozilla Firefox, Adobe Reader, and Flash Player
Two in Apple Safari
One in Google Chrome which emerged as the least vulnerable one for now.

No comments:

Post a Comment