Vulnerabilities in Safari, Firefox, & Edge were Exposed at Pwn2Own 2018

Internet browsers like Microsoft Edge, Firefox and Safari were a prime target for the white hat hackers at the annual ethical hacking conference, Pwn2Own 2018, that is held in Vancouver, Canada.

According to the latest reports, the prize-money was awarded by Trend Micro’s Zero Day Initiative (ZDI), till now hackers have won $267,000 of the total $2 million for hacking Firefox, Edge, and Safari.

 “The biggest surprise is how many people targeted Apple Safari,” Dustin Childs, communications manager for ZDI, told eWEEK. “It’s really returning to the roots of Pwn2Own when we saw a lot of individuals targeting macOS.”

On the first day of the 2018 event vulnerabilities in Microsoft Edge, Oracle VirtualBox and Apple Safari were exploited by the attendees. While, on the second day Apple safari, as well as Mozilla Firefox, was the prime target for the researchers.

Security researcher Richard Zhu won the contest by gaining 12 points for exploiting Firefox and Edge.  Zhu took home $120,000 of the $267,000 total prize money. Each researcher got to keep the laptop they tried their exploits on.

“One thing we learned this year is the importance of giving researchers as much time to build their exploits as possible,” Childs said. “We saw some contestants withdraw because they simply didn’t have enough time to complete their chains due to the increased complexity of the targets.”

Pwn2Own 2018, show that in recent times operating systems and web browsers have become more secure in recent years, but still, even fully patched systems can be exploited by the best security researchers.

“Software will always be vulnerable,” Childs said. “No matter what patches are released, researchers will continue to find holes in popular enterprise platforms.” a

Leave a Reply