With the unprecedented number of contestants and entries, the Zero Day Initiative is dividing today’s schedule into two tracks. The first track will focus on attempts against Microsoft and Adobe products. Track Two focuses on products from Apple and Mozilla. This allows ZDI to get through twice the number of contestants in a single day during our largest ever Pwn2Own. We’re thrilled at the level of participation for the 10th anniversary of Pwn2Own and look forward to awarding more than $1,000,000 USD in prizes.
The full schedule for Day Two is below (all times PDT). We will update this schedule with results as they become available.
Time | Entry and result (Track A: Microsoft and Adobe products; Track B: Apple and Mozilla products) |
8:30am | 360 Security (@mj0011sec) targeting Adobe Flash with a SYSTEM-level escalation and a virtual machine escape SUCCESS: 360 Security (@mj0011sec) successfully exploits Adobe Flash and elevates to SYSTEM using 4 bugs. They did not complete the VMware escape bonus portion, but what they demonstrated constitutes a win and nets them $40,000 and 12 Master of Pwn points. |
9:15am | Tencent Security – Team Shield (Keen Lab and PC Mgr) targeting Apple macOS WITHDRAW: The team has withdrawn this entry from the competition. |
10:00am | Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Adobe Flash with a SYSTEM-level escalation SUCCESS: Tencent Security – Team Sniper (Keen Lab and PC Mgr) successfully exploits Adobe Flash via a UAF and escalates to SYSTEM with a UAF in the Windows kernel. This earned them $40,000 and 12 points for Master of Pwn. |
10:45am | 360 Security (@mj0011sec) targeting Apple macOS SUCCESS: 360 Security (@mj0011sec) successfully elevates privileges on Apple macOS by using an infoleak and race condition in the kernel. In doing so, they garner $10,000 and 3 more points for Master of Pwn. |
11:00am | Tencent Security – Lance Team targeting Microsoft Edge with a SYSTEM-level escalation SUCCESS: Tencent Security – Lance Team successfully exploits Microsoft Edge by using a UAF in Chakra then elevates to SYSTEM by using a UAF in Windows kernel. They earned themselves $55,000 and 13 Master of Pwn points. |
11:45am | 360 Security (@mj0011sec) targeting Apple Safari with an escalation to root on macOS SUCCESS: 360 Security (@mj0011sec) successfully exploited Apple Safari through an integer overflow and escalated to root using a macOS kernel UAF. This garners them $35,000 and 11 more Master of Pwn points. |
1:00pm | Tencent Security – Sword Team targeting Microsoft Edge DISQUALIFIED: The entry from Tencent Security – Sword Team was disqualified for not using true 0-days. The bugs used were reported earlier in the contest by a separate Tencent team and are known by the vendor. |
2:00pm | Chaitin Security Research Lab (@ChaitinTech) targeting macOS SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) succeeds in elevating in macOS by using an infoleak and out-of-bounds bug in the macOS kernel. In doing so, they netted another $10,000 and 3 more Master of Pwn points. |
2:30pm | Tencent Security – Lance Team targeting Microsoft Windows WITHDRAW: The team has withdrawn this entry from the competition. |
3:00pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Apple macOS DISQUALIFIED: This entry from Tencent Security – Team Sniper (Keen Lab and PC Mgr) was disqualified for not using true 0-days. The bugs used were previously known by the vendor. |
3:30pm | Tencent Security – Team Shield (Keen Lab and PC Mgr) targeting Microsoft Edge with a SYSTEM-level escalation WITHDRAW: The team has withdrawn this entry from the competition. |
4:00pm | Moritz Jodeit, Blue Frost Security (@moritzj) targeting Mozilla Firefox FAILURE: The contestant could not complete their exploit chain within the allotted time. |
4:30pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Microsoft Edge with a SYSTEM-level escalation SUCCESS: Tencent Security – Team Sniper (Keen Lab and PC Mgr) exploits Microsoft Edge with a SYSTEM-level escalation by using a UAF in Chakra and a UAF in the Windows kernel. |
5:00pm | Chaitin Security Research Lab (@ChaitinTech) targeting Mozilla Firefox with a SYSTEM-level escalation SUCCESS: The Chaitin Security Research Lab (@ChaitinTech) team finish their Pwn2Own by exploiting Firefox with an integer overflow and escalating privileges through an uninitialized buffer in the Windows kernel. |
5:30pm | 360 Security (@mj0011sec) targeting Microsoft Windows SUCCESS: 360 Security (@mj0011sec) successfully exploits Microsoft Windows with an out-of-bounds bug in the Windows kernel. This nets them $15,000 and 4 Master of Pwn points. |
6:00pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Apple Safari with an escalation to root on macOS SUCCESS: Tencent Security – Team Sniper (Keen Lab and PC Mgr) exploits Safari with an integer overflow and escalates to root with an out-of-bounds UAF in WindowServer. This nets them $35,000 and 11 points for Master of Pwn. |
7:00pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) targeting Microsoft Windows SUCCESS: The folks from Tencent Security – Team Sniper (Keen Lab and PC Mgr) elevated privileges in Microsoft Windows through an integer overflow in the kernel. This final act of Day Two earned them $15,000 and 4 points for Master of Pwn. |
We’ll update this blog with results as they become available. Follow us on Twitter for the latest information, including a wrap of Day One and the schedule for Day Three.