The following products were successfully exploited, please install the necessary updates for them when they become available: Apple Safari, Apple macOS, Ubuntu Desktop, Windows, Oracle VirtualBox and Adobe Reader
As long-time readers of this blog will know, the Pwn2Own security conference with its white hacking contest is my favourite event of the year. Sophisticated vulnerability exploitation is showcased, the contestants receive large sums of money and we as consumers receive safer products to use on a day to day basis. It took place late last week virtually due to the Coronavirus. The results from both days of competition can be found here. The total prize was USD $270,000.
The winners of the competition were Richard Zhu and Amat Cama of Team Fluoroacetate winning the Master of Pwn title and USD $90,000 in prize money.
Returning to the trend of previous years, exploits against the Apple macOS kernel (defined) and Windows kernel were common again. These are high severity vulnerabilities but when addressed will make our systems safer.
The vendors have up to 90 days to resolve the vulnerabilities before public disclosure. Please expect and apply the necessary security updates to the affected as they become available