The annual Pwn2Own competition has proven fruitful for security researchers who have hacked their way to a total prize fund that exceeds half a million dollars in cash and prizes. Major browsers and software have all fallen by the wayside as bounties were paid for new zero days.
Pwn2Own offered two different categories – the first, against Chrome, Firefox, IE, Java, Flash and Adobe Reader led to all of the $480,000 dollars that was paid out in cash (the total prize fund was boosted over the half a million mark when laptop and subscription prizes were factored in) – and a second competition to hack Google’s Chrome OS which was a challenge too far as the search giant kept their cheque book firmly in their pockets.
On Wednesday all the browsers (except Apple Safari running on Mac OS X Mountain Lion) and Java were successfully attacked, with Thursday seeing the fall of Adobe Reader, Flash and even Internet Explorer 10 running on Surface Pro.
Perhaps unsurprisingly, the hardest hit throughout the competition was Java with researchers showing 4 vulnerabilities in 3 different classes despite the fact that Oracle have recently had to release three emergency patches in quick succession just before Pwn2Own kicked off.