Pwn2Own 2016 Highlights Kernel Exploits

Update: 19th March 2017:
Apologies for not continually updating this post with details of the fixes for each issue identified. When I attempted to do so, I found it wasn’t possible to identify the fixes.

During Pwn2Own, CVE numbers or other similar identifiers are generally not assigned to the vulnerabilities found when the results are published. When security updates that include CVEs become available, you cannot tell whether they refer to Pwn2Own issues or simply to routine responsible disclosures.

Occasionally vendors will mention they have resolved a Pwn2Own vulnerability, but not always. In addition, the names of the researchers who took part in the contest are frequently present in routine disclosures, making it more difficult to single out specific vulnerabilities.

Thank you for your understanding.

Update: 25th March 2016:
The first security issue to be addressed as a result of this year’s Pwn2Own contest was a vulnerability in Google Chrome as detailed in a more recent blog post.

Thank you.

Original Post:
As scheduled, the final day of Pwn2Own 2016 took place on the 17th of March. Full details of how the individual teams performed and how many exploits were successful are available here and here. In summary, Adobe Flash, Apple Safari and Microsoft Edge were successfully exploited, with Google Chrome only partially exploited using a known issue.

As noted by Trend Micro, the highlights of this year’s contest include that every exploit presented achieved System/root privileges by taking advantage of flaws such as buffer overflows within the kernels of these products. With exploits changing focus to target the kernel, this is a worrying trend and highlights the need for more thorough static analysis, auditing and fuzzing of the kernel by the vendors to find and resolve vulnerabilities before they are exploited.

The prize money of $460k earned by the participants is truly amazing. Pwn2Own was again a great success, and we can look forward to the issues found in the above-mentioned products being fixed and the fixes rolled out to us in the coming months.

Thank you.
