Microsoft Edge and Mozilla Firefox Have Been Exploited at Pwn2Own

Researchers at the Pwn2Own hacking contest successfully exploited Microsoft Edge and Mozilla Firefox more than once.

Day 2 of the Pwn2Own hacking contest saw Microsoft Edge and Mozilla Firefox being exploited. Microsoft’s Windows 10 browser was compromised when researchers developed a complex method for escaping a virtual machine.

Starting with Mozilla Firefox, Richard Zhu and Amat Cama from Fluoroacetate tried to exploit Firefox with a JIT bug paired with an out-of-bounds write in the Windows kernel. By leveraging this method, the researchers were able to run code at system level.

This means they essentially took over the PC by directing Firefox to a website with crafted malicious content. For breaking into Firefox, the pair were handed a prize of $50,000.

Cama and Zhu were not the only researchers who defeated Firefox. Niklas Baumstark also used a JIT bug combined with a logic bug to escape the browser’s sandbox. By doing so, he was able to achieve log-in rights and gain full system access.

For his research, Baumstark was given $40,000.

Beating Microsoft Edge

Zhu and Cama also set to work on Microsoft Edge. The team created a very complex way to exploit the browser to win $130,000.

“Starting from within a VMware Workstation client, they opened Microsoft Edge and browsed to their specially crafted web page,” Zero Day Initiative says.

“That’s all it took to go from a browser in a virtual machine client to executing code on the underlying hypervisor. They started with a type confusion bug in the Microsoft Edge browser, then used a race condition in the Windows kernel followed by an out-of-bounds write in VMware workstation.”

Microsoft Edge was also exploited by Arthur Gerkis of Exodus Intelligence. He used a double-free bug to escape the browser’s sandbox. For his efforts he claimed $50,000.

Source: Softpedia
Luke Jones