A prize pool of $460,000 was handed out at last week’s Pwn2Own security contest, where researchers and hackers poked holes and found vulnerabilities in Windows, Edge, Chrome, Safari, and OS X.
The contest, which was sponsored by HP and Trend Micro, took place at the CanSecWest security conference in Vancouver. A total of 21 flaws were found in several programs and operating systems but Windows once again came out as the most flawed of the lot. Hackers tallied six vulnerabilities in Windows 10. However, Apple didn’t perform that much better. Five vulnerabilities were found in Mac OS X.
There were five teams of hackers competing in the two-day contest, including three teams from Chinese tech giant Tencent, a team from Qihoo 360, and a lone contestant, JungHoon Lee from South Korea.
Operating systems aside, the hackers turned their attention to smaller attack surfaces in browsers and carried out successful bug tests on Microsoft’s newest browser Edge, such as exploiting a particular bug to get administrator system privilege. The good news, though, is that Edge is not as flawed as its predecessor Internet Explorer, thanks largely to its new code base. Safari, meanwhile, was attacked successfully three times by the hacker teams.
Chrome came out looking the best on this occasion. Two attempted attacks were carried out on Google’s browser. One failed, and the other only partly worked. Firefox was left out of this year’s contest because the organizers believed it had not made significant improvements to its security in the last year that were worthy of testing.
However, Adobe Flash was one of the hackers’ test subjects despite its well-publicized security failings. It was included as it is a common attack vector for compromising browsers.
Each team bagged an impressive amount of money each for their hacking efforts, but it was JungHoon Lee that came away with the most, at $145,000. Tencent’s Team Sniper won $142,500 and Qighoo 360’s 360Vulcan Team netted $132,500.
- The best web browsers for 2020
- Massive iPhone security flaw left millions of phones vulnerable to hacks
- LastPass vs. 1Password
- The FBI broke Apple’s iPhone encryption. Here’s why you shouldn’t panic
- How to tell if your security camera has been hacked