Zero Days Galore

Monday, March 23, 2015 @ 04:03 PM gHale


Zero Days.

That is what everybody is looking for when a hacking competition opens up, and the first day of Pwn2Own was the perfect case in point.

Competition participants exploited 13 Zero Day vulnerabilities in Mozilla Firefox, Internet Explorer 11, and Adobe’s Flash and Reader products. Those flaws, chained with other vulnerabilities, let attackers take control of the targeted computer.

In total, the security researchers combined 13 undisclosed bugs into exploit chains and pocketed $317,500. The bonus for each system escalation flaw was set to $25,000.

Zeguang Zhao (Team509), Peter, Jihui Lu, and wushi (KeenTeam) joined efforts and used a heap overflow remote code execution vulnerability in Adobe Flash, then escalated local privileges in the Windows kernel via a bug in TrueType fonts to gain unrestricted access to the machine.

They received $60,000 for the glitch in Flash and the system escalation bonus.

KeenTeam (Peter, Jihui Lu, Wen Xu, and wushi) took on Adobe Reader and leveraged an integer overflow weakness ($30,000), achieving pool corruption through a different TrueType font bug; this allowed system escalation once more and full control of the machine.

Adobe Flash and Reader fell to security researcher Nicolas Jolly. In the allotted 30 minutes, he exploited a use-after-free (UAF) remote code execution vulnerability and a sandbox-escape directory traversal vulnerability in the Flash broker, which brought in a $30,000 award.

Jolly also brought Adobe Reader down with a stack buffer overflow vulnerability (info leak and remote code execution) followed by an integer overflow to exploit the broker. This added $60,000, increasing his payout for the day to $90,000.

According to a post from HP, which co-sponsors the competition together with Google Project Zero, the Firefox browser “knocked it out of the park through a cross-origin vulnerability followed by privilege escalation within the browser – all within .542 seconds.”

Mariusz Mlynski, who was responsible for the deed, continued the attack by exploiting a fundamental flaw to escalate to system privileges in Windows; its details remain undisclosed until a fix is released. The work resulted in a $55,000 award, including the reward for gaining system rights.

The Internet Explorer 11 bug was discovered by a new contestant, 360Vulcan Team, which managed to compromise the 64-bit version of the browser through an uninitialized memory flaw that led to medium-integrity code execution and a reward of $32,500.

The tally for the first Pwn2Own day was 3 bugs in Adobe Reader, 3 bugs in Adobe Flash, 3 bugs in Windows, 2 bugs in Internet Explorer 11 and 2 in Mozilla Firefox.


