The coronavirus has forced changes to events and exhibitions. The organizers of Pwn2Own, the annual hacking competition, decided not to cancel the contest but to hold it online. At Pwn2Own, several popular programs were hacked, as well as operating systems including macOS, Windows 10, and Ubuntu.
This year, hackers earned 270 thousand dollars for finding exploits. In total, nine vulnerabilities were found in three categories. The organizers asked the teams to send their exploits in advance; however, the hacking demonstrations were carried out in real time. The Georgia Tech Systems Software & Security Lab team managed to break into Apple's macOS operating system. They found a vulnerability in Safari and gained access to the OS kernel. To do this, they used an exploit consisting of six bugs that violated the integrity of the system. For this they were paid 70 thousand dollars.
The Flourescence team, which earned 40 thousand dollars, was able to gain elevated privileges in Windows 10 and access to the user account. Another exploit brought them a further 50 thousand dollars. It was related to a vulnerability in Adobe Reader and the Windows 10 kernel.
Ubuntu was hacked by the RedRocket CTF team, which gained root access to the kernel of the system. The prize for this bug was 30 thousand dollars. The team that targeted VMware Workstation, which was unable to exploit the vulnerability it had found in the allotted time, was named the failure of the contest. The developers of all the hacked software were given full information about the exploits, as well as 90 days to fix them, after which all information will be made public.
Interestingly, Android and iOS were not hacked as part of this year's contest. However, experts argue that this is not a sign that these systems are completely secure.