Hackers Demonstrate Vulnerabilities in Chrome and Safari on Day One of Pwn2Own
On the first day of the Pwn2Own hacking contest, participants compromised Google’s Chrome browser and Apple’s counterpart, Safari, through previously unknown vulnerabilities. Both cases involved a use-after-free vulnerability.
Hacker JungHoon Lee chained four vulnerabilities to break Safari’s security, according to Threatpost. In addition to a use-after-free vulnerability, he used a heap overflow bug to defeat the browser’s protections and run code on the computer. A use-after-free bug arises when a program keeps using memory after it has been freed; once that memory is reallocated, the stale reference can be abused, for example to cause a buffer overflow.
A group called Tencent Security Team Shield broke Chrome’s security, allowing them to gain root privileges on a system. The biggest hack of the day came from 360Vulcan Team, who earned $80,000 by demonstrating a vulnerability in Flash and the Windows kernel that gave the Adobe application system privileges and allowed the hackers to execute arbitrary code.
Pwn2Own is a competition in which hackers try to outdo each other by cracking the security of browsers, in particular, as quickly as possible. They do this through previously unknown vulnerabilities.