“So much for browser security,” Lucian Constantin reports for IDG News Service. “Researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins.
“On Thursday, South Korean security researcher and serial browser hacker JungHoon Lee, known online as lokihardt, single-handedly popped Internet Explorer 11 and Google Chrome on Microsoft Windows, as well as Apple Safari on Mac OS X,” Constantin reports. “He walked away with US$225,000 in prize money, not including the value of the brand new laptops on which the exploits are demonstrated and which the winners get to take home.”
“Lee’s attack against Google Chrome earned him the largest payout for a single exploit in the history of the competition: $75,000 for the Chrome bug, an extra $25,000 for a privilege escalation to SYSTEM and another $10,000 for also hitting the browser’s beta version—for a total of $110,000,” Constantin reports. “The IE11 exploit earned him an additional $65,000 and the Safari hack $50,000… All bugs were reported to the affected vendors after the contest, as part of the competition’s rules.”
Read more in the full article here.
MacDailyNews Take: The good news is that Apple and the rest now know about these issues and can work to close them.