Microsoft Edge got hacked at Pwn2Own 2019, patch incoming

Rabia Noureen avatar. By: Rabia Noureen
2 minute read
Pwn2Own 2019

Home » News » Microsoft Edge got hacked at Pwn2Own 2019, patch incoming

Security researchers hacked Microsoft Edge and Mozilla Firefox right and earned a cash prize of $270K at Pwn2Own hacking event. 

The Firefox 66 browser was announced on March 19, so the company let friendly hackers to attack it in order to detect any potential security vulnerabilities.

The researchers identified two issues in the web browser.  On the very next day, the company decided to release a patch to fix both of them in Firefox 66.0.1 update. 

Those who are not aware of Pwn2Own, it is basically an annual hacking competition. It provides a great opportunity to security researchers so that they can demonstrate new zero-day bugs.

In return for their efforts, Trend Micro’s Zero Day Initiative (ZDI) rewards them with a handsome amount. 

Pwn2Own Roundup

The researchers who demonstrated new vulnerabilities in Oracle VirtualBox, Apple Safari and VMware workstation were awarded $240,000 on the first day of Pwn2Own 2019.

Moving towards the second day, ZDI awarded an amount of $270,000 to those researchers who identified new bugs in Microsoft’s Edge and Mozilla Firefox browser. 

This is how researchers managed to hack Edge:

That’s all it took to go from a browser in a virtual machine client to executing code on the underlying hypervisor. They started with a type confusion bug in the Microsoft Edge browser, then used a race condition in the Windows kernel followed by an out-of-bounds write in VMware workstation

Most importantly, the kernel escalation flaw in Firefox 66 was demonstrated by Richard Zhu and Amat Cama officially known as Fluoroacetate received an award for $50,000. Niklas Baumstark used a sandbox escape technique to exploit Firefox 66.0 and received an award of $40,000. 

All of these vulnerabilities have been reported to Microsoft and Mozilla, and the companies are working on the patches are expected to release in the next updates. 

RELATED ARTICLES YOU NEED TO CHECK OUT:

Discussions

Next up

Here’s how to easily remove Blu-ray region code from a Blu-ray disc

Loredana Paraianu avatar. By: Loredana Paraianu
2 minute read

Many Blu-ray discs have a regional block that can prevent most devices in other regions from playing the content from these discs. Put simply, this […]

Continue Reading

Worry not, Microsoft Paint will be included in Windows 10 v1903

Zille Huma avatar. By: Zille Huma
2 minute read

Microsoft confirmed that MS Paint will still be a part of Windows 10 version 1903. It appears that Paint is here to stay. Microsoft is […]

Continue Reading

How to fix Windows Explorer needs to be restarted error

Loredana Paraianu avatar. By: Loredana Paraianu
2 minute read

Windows 10 is a great operating system, but sometimes you might get Windows Explorer needs to be restarted out of the blue. This error can […]

Continue Reading