Pwn2Own 2020: Hacker Wins $30,000 For Ubuntu’s Privilege Escalation Bug

The 2020 spring edition of the Pwn2Own hacking contest has come to an in depth today. This year’s winner is Team Fluoroacetate - made from security researchers Amat Cama and Richard Zhu - who won the competition after accumulating nine points across the two-day competition, which was only enough to increase their dominance and win their fourth tournament during a row.

But this year’s edition was a notable event for an additional reason. While the spring edition of the Pwn2Own hacking contest takes place at the CanSecWest cyber-security conference, held each spring in Vancouver, Canada, this year was different.

Due to the continued coronavirus (COVID-19) outbreak and travel restrictions imposed in many countries round the globe, many security researchers couldn’t attend or weren’t willing to visit Vancouver and potentially put their health in danger.

Instead, this year’s Pwn2Own edition has become the first-ever hacking contest that has been hosted during a virtual setting.

Participants sent exploits to Pwn2Own organizers beforehand , who ran the code during a live stream with all participants present.

During the competition’s two-day schedule, six teams managed to hack apps and operating systems like Windows, macOS, Ubuntu, Safari, Adobe Reader, and Oracle VirtualBox. All bugs exploited during the competition were immediately reported to their respective companies.

The results of the two-day contest are below, broken down per each team’s attempt. The table at the bottom of the article is that the competition’s final ranking.

Following are the results of each team’s efforts:

• The Georgia Tech system program and Security Lab, the runners from the competition targeted Apple’s Safari browser with a macOS kernel escalation of privilege. The team used a six-bug exploit chain to pop the calculator app on MacOS and escalate its access rights to root. The team earned a $70,000 reward and seven Master of Pwn points.
• The winning team, Fluoroacetate’s member targeted Microsoft Windows with an area privilege escalation. Their exploit was also reported successful and earned them a $40,000 reward, alongside 4 Master of Pwn points.
• A member from the Red Rocket CTF Team targeted Ubuntu Desktop with an area privilege escalation. The hacker used an improper input validation bug to escalate privileges. He earned a gift of $30,000 and three Master of Pwn points.
• The winning team Fluoroacetate targeted Microsoft Windows with an area privilege escalation also. This won them $40,000 separately alongside 4 more Master of Pwn Points.
• The Fluoroacetate team also targeted Adobe Reader with a Windows local privilege, which was also successful, earning them 5 more Master of Pwn points and $50,000 more.

Pwn2Own 2020: Day 1

Manfred Paul of Red Rocket team won $30,000 and three Master of Pwn points by successfully using an improper input validation bug to escalate privileges on a Ubuntu desktop. Paul may be a newcomer to the annual hacking event and accomplished his goal within the very first attempt.

A team from Georgia Tech system program and Security Lab won the utmost amount of $70,000 on the primary day by targeting Apple Safari. They used a six bug chain to pop calc and escalate to root.

Last year’s winning champion team Fluorescence took home $40,000 by leveraging a UAF in Windows to escalate to SYSTEM.

Pwn2Own 2020: Day 2

On the second day of the event, Phi Pham Hong from STAR labs targeted Oracle VirtualBox with using an OOB Read for an info leak. He used an uninitialized variable for code execution on the hypervisor. Phi Pham Hong won $40,000 for it.

Synacktiv team of Corentin Bayet and Bruno Pujos did not demonstrate their exploit during which they were alleged to target the VMware Workstation within the virtualization category within the provided time.

Thank you for reading this article. Do let me know for any queries in comment section below.