Linked by Alfman on Mon 23rd Mar 2015 10:42 UTC
Privacy, Security, Encryption

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader.

Permalink for comment 607641
To read all comments associated with this story, please click here.
RE: Any better reports?
by benjymouse on Mon 23rd Mar 2015 17:59 UTC in reply to "Any better reports?"
benjymouse
Member since:
2011-08-06

I understand that all major browsers were compromised, does anyone know what operating systems they were running on, or if they were operating system agnostic?

There are more mentions on windows exploits as part of the exploit as well, so I guess one can assume that these all worked against the browsers running on windows, but no mention of mac or linux.


Per the rules all browsers had to be exploited on Windows, except for Safari which had to be exploited on OS X. No Linux target was set up.

Attackers who could escape browser security and execute code at normal integrity level (Windows) or just as the user on OS X was rewarded with the *browser* exploit award.

Specifically on Windows there was an extra prize if the attacker could elevate to SYSTEM (roughly the equivalent of root if root login has been disabled). Several of the contestants achieved that as well. There was no similar prize for root on OS X.

Reply Parent Score: 3