Microsoft’s Internet Explorer 10 browser (IE10) running on a Windows Surface Pro machine was successful hacked by teams at the Pwn2Own hacking contest, helping researchers rake in thousands of pounds in prize money.
Announcing their success on Twitter, a team known as Vupen Security managed to exploit security holes in the platform on a Windows 8 machine, the Surface Pro,
We've pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass #Pwn2own— VUPEN Security (@VUPEN) March 7, 2013
The hack was confirmed by the organisation running the competition, helping Vupen walk away with a cool $100,000 for its hack.
@vupen just dropped IE10 and bypassed the sandbox on Windows 8 on the Surface Pro without crashing the browser!— Zero Day Initiative (@thezdi) March 6, 2013
The Vupen team also found exploits in Firefox 19, helping it rake in more cash to the tune of $60,000 The team confirmed it had passed on all the security flaws to the relevant companies.
ALL our 0days & techniques used at #Pwn2own have been reported to affected software vendors to allow them issue patches and protect users
— VUPEN Security (@VUPEN) March 7, 2013
Chief executive of Vupen, Chauoki Bekar, had told V3 earlier this year his team would be back to try and replicate their success in 2012.
Last year, Google withdrew its sponsorship offer for Pwn2Own, complaining that the competition rules would allow entrants to demonstrate hacks that defeated a browser's sandbox security feature, without having to share the full details of the exploit.
It set up its own rival hacking competition in response but was back as a key sponsor for the competition this time around.
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal
Microsoft, Google and Samsung all targeted as Avast admits to the scale of the CCleaner compromise
Not all loose ends tied yet, admits Bain backer SK Hynix