Datamation Logo

Pwn2Own Pays Hackers $480K in Bug Bounties

March 8, 2013
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The annual Pwn2Own hacking contest is wrapping up after paying nearly half a million dollars in cash prizes. Researchers successfully hacked Firefox, Internet Explorer, Chrome, Java and Adobe plug-ins during the event.

Robert Lemos with eWeek reported, “Security researchers claimed nearly $500,000 in bounties for demonstrating previously unknown–or zero-day–attacks against all major browsers and three popular browser plugins at the annual Pwn2Own competition at the CanSecWest conference in Vancouver, British Columbia. The three-day contest, which ends on March 8, requires that security professionals play the role of attackers and compromise fully patched versions of popular browsers running on Windows 8 and Mac OS X. After a successful attack, which requires that the researcher gain control over the target system, the contestants must turn over the details of the vulnerability to Hewlett-Packard’s Zero Day Initiative (ZDI), which runs the competition. Those details are then passed to vendors to be patched.”

Computerworld’s Greg Keizer added, “A day after researchers hacked Chrome and Firefox at the Pwn2Own contest, Google and Mozilla patched their browsers Thursday. The contest also wound down yesterday after hackers had earned a record $480,000 over two days.”

TechSpot’s Jose Vilches noted, “No browser was left standing at this year’s Pwn2Own hacking contest. The latest versions of Microsoft’s Internet Explorer, Google’s Chrome, and Mozilla’s Firefox all succumbed to exploits on day one, with hackers targeting a variety of zero-day vulnerabilities on each browser and Windows to hijack the underlying computer.”

InformationWeek’s Matthew J. Schwartz observed, “But the prize money on offer is reportedly still a fraction of what a top-notch exploit commands on the open market. Accordingly, why bother participating? SecurityWeek’s Ryan Naraine put that question to Chaouki Bekrar, CEO of Vupen, which fielded employees who successfully exploited the latest version of Microsoft Internet Explorer 10 running on Windows 8, using an exploit that silently bypassed all built-in attack-mitigation techniques, including DEP and ASLR, as well as the IE10 sandbox. Bekrar replied that his goal was to advertise his business’s skill at creating ‘weaponized exploits.’ ‘The aim for us by coming here to Pwn2Own is to show that even the newest technologies, the newest operating systems, the newest browsers, can get pwned,’ he said.”

  SEE ALL
ARTICLES
 

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands


Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.