Tencent Security Team Sniper wins Pwn2Own 2016

Mar 18, 2016 12:45 GMT

The second and last day of the Pwn2Own 2016 hacking competition is over, and researchers managed to successfully carry out attacks in three of the last five scheduled presentations.

First to showcase their hacking skills were Tencent Security Team Sniper, who exploited a use-after-free vulnerability in Safari and an out-of-bounds vulnerability in Mac OS X in order to get root privileges on the device. This earned the team $40,000, money that came from the competition's sponsors, HP and Trend Micro.

Second on the day's schedule was the infamous South Korean hacker, JungHoon Lee (lokihardt), who used an uninitialized stack variable vulnerability in Microsoft Edge and a directory traversal vulnerability in Microsoft Windows to elevate his exploit's privileges to the SYSTEM user. These two vulnerabilities earned Lee an additional $85,000, which adds to his earnings of $60,000 from the contest's first day.

Researchers also failed in their hacking attempts

The next two presentations both failed, the first time at a Pwn2Own competition that two attempts failed in a row. These were an attempt by Lee to hack into Google Chrome, and another attempt from Tencent Security Team Shield to hack Adobe Flash on Windows.

The day did end on a high note after Tencent Security Team Sniper won another $52,500 for chaining an out-of-bounds vulnerability in Microsoft Edge and a buffer overflow vulnerability in the Windows Kernel to get SYSTEM privileges.

Pwn2Own 2016, event recap

The second day of Pwn2Own allowed researchers to win $137,500, which brings the competition's total payout to $460,000. This figure is less than last year's record-breaking event, which earned researchers $552,000.

In total, security researchers discovered 21 new security flaws in products such as Apple Safari (3), Apple OS X (5), Adobe Flash (4), Google Chrome (1), Microsoft Edge (2), and Microsoft Windows (6).

JungHoon Lee earned the most money this year, $145,000 to be exact, while Tencent Security Team Sniper won the technical competition with 38 Pwn points, compared to Lee and Qihoo's 360Vulcan Team, who both earned only 25 Pwn points. Money-wise, Team Sniper also earned $142,500 while 360Vulcan Team cashed in $132,500.