Welcome to Pwn2Own 2020 - The Schedule and Live Results

March 18, 2020 | Dustin Childs

Welcome to Pwn2Own 2020! This year’s contest will be the first where all attempts occur remotely. We have contestants from around the world ready to demonstrate some amazing research, and we have ZDI researchers ready to run and verify their attempts. Our returning partner Microsoft and sponsor VMware will also be online with us, as well as other affected vendors. We might not be in the same room, but we’re virtually together and ready for a fantastic contest.

The schedule for today is posted below, and we’ll be updating this blog throughout the day with results and updates. We’ll post a full summary of today’s events (including videos of the attempts) tomorrow morning.

As always, we started the contest with a random drawing to determine the order of attempts. We have four attempts scheduled for today and four queued up for tomorrow. The full schedule for Day One is below (all times Pacific [UTC -7:00]). We will update this schedule with results as they become available.

Day One – March 18, 2020

1000 - The Georgia Tech Systems Software & Security Lab (@SSLab_Gatech) team of Yong Hwi Jin (@jinmo123), Jungwon Lim (@setuid0x0_), and Insu Yun (@insu_yun_en) targeting Apple Safari with a macOS kernel escalation of privilege.

SUCCESS - The team from Georgia Tech used a six-bug chain to pop calc and escalate to root. They earn $70,000 USD and 7 Master of Pwn points.

1200 - Flourescence targeting Microsoft Windows with a local privilege escalation.

SUCCESS - The Pwn2Own veteran used a UAF in Windows to escalate privileges. He earns $40,000 USD and 4 points towards Master of Pwn.

1400 - Manfred Paul of the RedRocket CTF team targeting the Ubuntu Desktop with a local privilege escalation.

SUCCESS - The Pwn2Own newcomer wasted no time. He used an improper input validation bug to escalate privileges. This earned him $30,000 and 3 Master of Pwn points.

1600 - The Fluoroacetate team of Amat Cama and Richard Zhu targeting Microsoft Windows with a local privilege escalation.

SUCCESS - Day One ends with the returning Master of Pwn winners showing they are ready to repeat. They leveraged a UAF in Windows to escalate to SYSTEM. The exploit earns them $40,000 and 4 Master of Pwn points.

Day Two – March 19, 2020

1000 - Phi Phạm Hồng (@4nhdaden) of STAR Labs (@starlabs_sg) targeting Oracle VirtualBox in the Virtualization category.

SUCCESS - Day Two kicks off with 4nhdaden using an OOB Read for an info leak and an uninitialized variable for code execution on the hypervisor. He earns himself $40,000 and 4 Master of Pwn points.

1200 - The Fluoroacetate team of Amat Cama and Richard Zhu targeting Adobe Reader with a Windows local privilege escalation.

SUCCESS - The Fluoroacetate duo used a pair of UAFs - one in Acrobat and one in the Windows kernel - to elevate privileges and take over the system. They earn $50,000 and 5 points towards Master of Pwn.

1400 - The Synacktiv team of Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) targeting the VMware Workstation in the Virtualization category.

FAILURE - The team was unable to demonstrate their exploit in the time allotted.

1600 - Special demonstration from Lucas Leong (@_wmliang_) of the Zero Day Initiative against Oracle VirtualBox.

SUCCESS - You can watch the video replay at https://youtu.be/LUH6ZxYNJFg

As always, we’ll update this blog with results throughout the day and recap each day’s events in a separate post. You can also find the latest results by following our Twitter feed. Best of luck to all of our contestants!