Microsoft has stated countless times that Edge is the most secure browser its engineers have ever created. However, white hat hackers recently proved otherwise.
Pwn2Own is the world’s best-known hacking contest where many hackers gather together and try to identify and exploit software vulnerabilities. At this year’s edition, software solutions such as Oracle VirtualBox, Microsoft Hyper-V Client, Chrome, Safari, Edge, Firefox, Adobe Reader, Microsoft Outlook, and many more were available for hacking.
The winner of the 2018 Pwn2Own edition is Richard Zhu, a hacker who managed to break through Edge’s and Firefox’s security barriers.
Richard returned to target Microsoft Edge with a Windows kernel EoP […] After his first attempt failed, he proceeded to debug his exploit in front of the crowd while still on the clock. His second attempt nearly succeeded, but the target blue screened just as his shell started. His third attempt succeeded with only one minute and 37 seconds left. In the end, he used two use-after-free (UAF) bugs in the browser and an integer overflow in the kernel to successfully run his code with elevated privileges.
Zhu was rewarded $120,000 for his results.
Microsoft should soon roll out a patch
The Pwn2Own contest was organized by Trend Micro’s Zero Day Initiative (ZDI). The company then offered vendor representatives more details about the exploits that hackers used during the competition.
However, these vulnerability details are not yet available to the public as vendors have 90 days at their disposal to issue the corresponding patches.
In other words, Microsoft should soon release a patch targeting these recently revealed vulnerabilities.
Speaking of vulnerabilities, Microsoft recently launched a new bug bounty program that rewards you $250,000 to find security issues in its programs.
For more information on how to protect your Windows 10 computer against the latest cyber security threats, check out the guides listed below: