Oracle VirtualBox, Adobe Reader Hacked at Pwn2Own 2020 Hacking Competition


On the second day of the Pwn2Own 2020 hacking contest, competitors earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader, and Windows.

Phi Phạm Hồng of STAR Labs earned $40,000 for successfully demonstrating a VirtualBox exploit that escaped the guest OS and achieved arbitrary code execution on the host. The exploit relied on an out-of-bounds read and an uninitialized-variable bug.

Amat Cama and Richard Zhu of the Fluoroacetate team won $50,000 for showing that they could take over the target machine by chaining Adobe Reader and Windows kernel use-after-free vulnerabilities.

The Synacktiv team attempted an exploit against VMware Workstation, but the attempt failed. Lucas Leong of the Zero Day Initiative (ZDI), which organizes Pwn2Own, gave a special demonstration: a guest-to-host escape on VirtualBox.

On the first day of the event, researchers earned a total of $180,000 for hacking Windows 10, Ubuntu Desktop, Safari, and macOS, bringing the total paid out this year to $270,000. Cama and Zhu were once again named the overall winners of the competition.

Pwn2Own is usually held at the CanSecWest security conference in Vancouver, Canada, with participants taking part in person. This year, however, owing to the COVID-19 coronavirus pandemic, ZDI decided to run the event fully virtually.

The total paid out this year is roughly half of what researchers received in 2019, when Cama and Zhu earned $375,000 and a Tesla for hacking the car's web browser.

When Pwn2Own 2020 was first announced, ZDI again invited researchers to hack a Tesla. However, because the automotive category requires in-person attendance, any Tesla hacking attempts have been postponed "until it's realistic and secure to get together in a community environment," ZDI said.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.