During the second day of Pwn2Own Vancouver 2019, competition managed to win a total D$270,000 in cash awards for their Mozilla Firefox and Microsoft Edge web browsers, as well as for their VMware Workstation clients.
The Fluoroacetate team successfully targeted and used the Mozilla Firefox web browser with the use of a JIT bug, an out – of-bound Write in the Windows kernel as a part of the first event.
It also tried to handle Microsoft’s Edge web browser, which had a VMware escape and an escalation of the kernel, using a exploit chain which combined “Edge confusion of type, a windows kernel racing condition, and an off-bound write to the VMware Workstation.
They started from a VMware Workstation customer and visited a specially created Microsoft Edge website to avoid VM and execute code on the hypervisor. Both operational demonstrations earned Fluoroacetate $180,000 during the second day, bringing them to a total of $340,000, together with their previous $160,000 earnings from the previous day.
Niklas Baumstark also targeted and successfully hacked Mozilla’s Firefox browser with a JIT bug chained with the logic bug that escaped the sandbox of the browser and earned $40,000. Arthur Gerkis from Exodus Intelligence, who managed to get out of the sandbox using a double-free renderer and the logic bug, also took advantage of Microsoft’s Edge, and received $50,000 for his effort.
During the first two days of the 2019 Pwn2Own contest in Vancouver the participants got a $510,000 cash award for eight operations and a partial win, which was successfully hacked by Safari, Firefox, Edge, VMware Workstation and Virtualbox. On the third and last day, Team KunnaPwn and Fluoroacetate are targeted at the VCSEC component and the Tesla Model 3 chromium based infotainment system in the automotive category of a competition.
According to the organizers of the contest, “the first successful researcher can also get away from the competition in his own brand new Model 3.” This year’s Pwn2Own competition is the first to come in with an automotive category that has “Awards range from $35,000 to $300,000 depending on a number of factors including exploits” to hack a Tesla Model 3 rear wheel.