Flash, Reader, Java Fall in Contest

Friday, March 8, 2013 @ 04:03 PM gHale

First it was the browsers, then came Adobe Flash, Adobe Reader, and Java. Yes, another day and another round of successful hacks at the Pwn2Own competition.

French security firm VUPEN beat up on Flash, Reader by George Hotz and Java by Ben Murphy.

Browsers Take Exploit Hits
Google Fixes Chrome Vulnerabilities
Chrome 25 Fixes Vulnerabilities
Security Fixes; PDF Viewer in Firefox 19

On the first day of the competition, Firefox 19, IE 10 and Java were “pwned” by VUPEN and Chrome by experts from MWR Labs. James Forshaw and Joshua Drake also managed to find vulnerabilities in Java.

Java hacks are worth $20,000, while Reader and Flash exploits are rewarded with $70,000.

The total amount of prizes handed out at the 2013 edition of Pwn2Own is $380,000.

Mozilla and Google already shipped updates to their browsers.

Mozilla’s Firefox updated to version 19.0.2 with a fix for the vulnerability; the same fix, for a use-after-free in the HTML editor which could lead to arbitrary code execution, has also been applied to Firefox ESR 17.0.4, Thunderbird (ESR) 17.0.4 and SeaMonkey 2.16.1.

Google updated the stable channel for Chrome on Windows, Mac OS X and Linux for the type confusion flaw exploited by Nils and Jon of MWR Labs at Pwn2Own. Both the Firefox and Chrome updates are automatically downloaded by browsers and installed on browser restarts.

Leave a Reply

You must be logged in to post a comment.