Pwn2Own is the annual hacking contest event organized by Trend Micro’s Zero Day Initiative (ZDI). Pwn2Own Tokyo 2019 contest offers over $750,000 in rewards for working exploits targeting one of the devices in a list of 17 systems. For the first time, This is the ever, Pwn2Own Tokyo 2019 is asking participants to find vulnerabilities in the Portal smart display and the Facebook Oculus Quest virtual reality headset.
“The first day of Pwn2Own Tokyo 2019 has come to a close, and some amazing research was demonstrated throughout the day. In total, we awarded $195,000 for 12 total bugs.” states the post published by ZDI. “The day saw nine successful attempts against seven targets in five categories.”
On the first day, white hat hackers that participated in the contest made a total of 10 attempts.
The day started with Amat
The flaw could be exploited by an attacker to get a shell on the device by tricking the victim into visiting a malicious website from the TV’s built-in browser.
“The Fluoroacetate duo used a Javascript OOB Read bug to exploit the television’s built-in web browser to get a bind shell from the TV. They earned $15K and 2
The duo also received $20,000 by exploiting a JavaScript flaw that jumped the stack to
Another duo of experts, Pedro Ribeiro and Radek
The duo Team Flashback also received $5,000 for a code execution exploit chain against the TP-Link AC1750 Smart WiFi router over the LAN interface.
On the same day, the F-Secure Labs team obtained a partial success, it chained two logic flaws to
Another partial success was obtained by Richard and Amat that used an integer overflow with a UAF to escape the sandbox, however, the overflow was already known.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate banner=”13″]