The View from DVLabs – Pwn2Own 2017
Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Wed, 15 Mar 2017 22:36:06 +0000
This blog will be updated throughout the competition so keep tracking for the latest updates!
A global outbreak of bigger bugs. Badder bugs. And they’re threatening the world as we know it. Yes, it sounds like a poorly written trailer for the next summer blockbuster alien invasion movie, but in truth, it’s a reality we’ll face yet again this year. We are back in Vancouver, B.C. for the 2017 Pwn2Own competition run by the Trend Micro TippingPoint Zero Day Initiative. We are looking at an unprecedented 30 entries this year, well above anything we’ve seen from previous competitions. Especially exciting are the entrants in the VMware escape category, where we may see exploits not normally seen against the virtual machine, allowing an attacker to break out of a VM environment and control the host.
The TippingPoint DVLabs team is onsite as usual, meeting with each of the hacking teams and dissecting the code and exploits in order to provide zero-day filters for all remotely exploitable vulnerabilities. One of the questions we get is: What’s the point of covering these vulnerabilities if only one hacker is attempting to exploit them? Well, you only have to look at the success of the patches from vendors this year for the answer. Just before Pwn2Own commences each year, almost all vendors furiously issue patches to attempt to minimize the number of successful exploits. Once again, we saw a series of likely defensive submissions from contestants, aimed at “burning” or eliminating zero-days that other teams could use to win the competition. What this tells us is that multiple researchers have found similar zero-day vulnerabilities. We can expand this concept to assume the bad guys have found some of these bugs as well and will use them before they are patched out, if they’re not using them already. This is where you see the power of DVLabs and our Digital Vaccine filter set. By providing “virtual patches” for these extremely dangerous and prolific vulnerabilities, our customers are uniquely protected until vendors can build and release a patch and maintenance windows can be scheduled to remediate impacted systems.
Keep following this post for updates, including upcoming Digital Vaccine coverage for all of the network-exploitable vulnerabilities seen over this hectic three-day hackfest!
Day 1: March 15, 2017
Time (PDT) | Team | Target | Successful? | Upcoming Digital Vaccine Coverage? |
10:00 am | 360 Security (@mj0011sec) | Adobe Reader | Yes | Yes ZDI-CAN-4575 |
11:30 am | Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) | Apple Safari with an escalation to root on macOS | Partial Win | Yes ZDI-CAN-4578 |
1:00 pm | Tencent Security – Team Ether | Microsoft Edge | Yes | N/A |
2:00 pm | Chaitin Security Research Lab (@ChaitinTech) | Ubuntu Desktop | Yes | Local Only |
3:30 pm | Tencent Security – Team Ether | Microsoft Windows | No | N/A |
5:00 pm | Ralf-Philipp Weinmann | Microsoft Edge with a SYSTEM-level escalation | ||
6:00 pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) | Google Chrome with a SYSTEM-level escalation | ||
7:30 pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) | Adobe Reader | ||
8:30 pm | Chaitin Security Research Lab (@ChaitinTech) | Apple Safari with an escalation to root on macOS | ||
10:00 pm | Richard Zhu (fluorescence) | Apple Safari with an escalation to root on macOS |