Pwn2Own 2014: first results

These days, Vancouver hosts the Pwn2Own event, where participants are invited to demonstrate their working exploits for remote code execution through browser and plug-in vulnerabilities. During the first day of the competition, almost all of the declared plugins and browsers were successfully pwned (with the exception of the Oracle Java plug-in, the exploit was withdrawn by VUPEN): Internet Explorer 11, Mozilla Firefox, and also Adobe Reader XI & Adobe Flash Player plug-ins in IE11, all up-to -date Windows 8.1 x64 (with sandbox-escape).



As usual, the French company VUPEN in the spotlight.
')
“I believe that our industry [vulnerability search & exploit development] is business as usual. Today, a large number of companies like VUPEN are selling information about vulnerabilities to customers who are directly related to the state. Such a business has become quite common. None of our exploits were detected in in-the-wild attacks. All of our customers use sold exploits to secure national security missions. ” - Chaouki Bekrar for ThreatPost - VUPEN cashes in four times at Pwn2Own .

The Pwn4Fun Special Contest is a competition between Google & Hewlett-Packard ZDI teams. Due to the fact that these companies themselves are sponsors of the event, all funds received as a result of the winnings go to charity.



Configuration of operation & price targets.