Safari, Chrome and Flash Player hacked during first day at Pwn2Own, some of them twice

Security researchers exploited previously unknown vulnerabilities in Apple Safari, Google Chrome and Flash Player to compromise the latest versions of OS X and Windows during the first day of the annual Pwn2Own hacking contest.

On Wednesday, four teams and a researcher who competed on his own made six attempts to hack this year’s targets: Safari running on OS X, Chrome running on Windows, Microsoft Edge running on Windows and Flash Player on Windows. Four attempts were successful, one was only partially successful and one failed.

The 360Vulcan Team from Chinese Internet security company Qihoo 360 combined a remote code execution vulnerability in Flash Player with a vulnerability in the Windows kernel to gain system privileges. For this feat, they received a US$80,000 prize, $60,000 for the Flash Player exploit and a $20,000 bonus for the system-level escalation.

To read this article in full or to leave a comment, please click here