ID: IRCNE2014032134
Date: 2013-03-16
According to "computyerworld", security researchers demonstrated zero-day exploits against Google Chrome, Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Adobe Flash Player during the second day of the Pwn2Own hacking competition Thursday.
A team from French vulnerability research firm Vupen hacked Google Chrome by exploiting a use-after-free vulnerability that affects both the WebKit and Blink rendering engines. The researchers then successfully bypassed Chrome's sandbox protection to execute arbitrary code on the system.
On Wednesday, the first day of the contest that takes place every year at the CanSecWest security conference in Vancouver, researchers from the same team hacked Internet Explorer 11, Firefox, Flash Player and Adobe Reader.
Well-known iPhone and PlayStation 3 hacker George Hotz, known online as geohot, demonstrated a remote code execution exploit against Firefox, making it the competition's fourth successful hack against Mozilla's browser. Aside from Team Vupen, security researchers Jüri Aedla and Mariusz Mlynski had also compromised Firefox during the first day of the contest by exploiting different vulnerabilities.
On Thursday, researchers Sebastian Apelt and Andreas Schmidt demonstrated a browser-based exploit against Microsoft Internet Explorer that chained together two use-after-free vulnerabilities and a Windows kernel bug to open the Windows calculator application, proving remote code execution.
Another researcher, Liang Chen of the Chinese Keen Team, combined a heap overflow vulnerability with a sandbox bypass to achieve remote code execution through Apple Safari. He and fellow researcher Zeguang Zhou of team 509 then demonstrated a remote code execution exploit for Adobe Flash Player.
- 2