Pwn2Own 2014: The lineup

Angela Gunn, Senior Security Content Developer, HP Security Research

The competition order for the 2014 Pwn2Own competition was assigned by random drawing in the Pwn2Own room on Wednesday morning. This year found eight contestants targeting all seven products in the competition, with some handling multiple challenges – fifteen competitions in all.

The schedule (all times PDT):

WEDNESDAY

  • 10 AM – PWN4FUN – Google
    Success: $32,500 to the Canadian Red Cross
  • 11 AM – PWN4FUN – ZDI
    Jasiel Spelman, Matt Molinyawe, Abdul-Aziz Hariri
    Success: $50,000 to the Canadian Red Cross
  • 12 PM – Team VUPEN – Adobe Reader
    Success: $75,000
  • 1 PM – Team VUPEN – Oracle Java
    (Update: Entry withdrawn)
  • 2 PM – Team VUPEN – Microsoft Internet Explorer
    Success: $100,000
  • 3 PM – Mariusz Mlynski – Mozilla Firefox
    Success: $50,000
  • 4 PM – Team VUPEN – Adobe Flash
    Success: $75,000
  • 5 PM – Team VUPEN – Mozilla Firefox
    Success: $50,000
  • 6 PM – Jüri Aedla – Mozilla Firefox
    Success: $50,000

THURSDAY

  • 10 AM – Liang Chen of Keen Team – Apple Safari
    Success: $65,000
  • 11 AM – Team VUPEN – Apple Safari
    (Update: Entry withdrawn)
  • 12 PM – Jung Hoon Lee of ASRT – Microsoft Internet Explorer
    Unsuccessful
  • 1 PM – George Hotz – Mozilla Firefox
    Success: $50,000
  • 2 PM – Sebastian Apelt and Andreas Schmidt – Microsoft Internet Explorer
    Success: $100,000
  • 3 PM – Team VUPEN – Google Chrome
    Success: $100,000
  • 4 PM – Anonymous researcher (entering by proxy) – Google Chrome
    Partial win: $60,000
  • 5 PM – Zeguang Zhao of Team509 and Liang Chen of Keen Team – Adobe Flash
    Success: $75,000

There were no entrants for the Exploit Unicorn multi-product event.

Contest co-sponsors ZDI and Google are pleased to announce that for 2014, we will be acquiring and paying contest winnings on all successful Pwn2Own entries. Should all entrants successfully exploit all the categories they’ve entered, that will mean a payout of $1,085,000, a Pwn2Own record.

Additional Resources

HP Security Research Blog

The HP Security Research blog provides a platform for security experts from across HP to discuss innovative research, industry observations, and updates on the threat landscape to help organizations proactively identify and manage risk.
More

HP Zero Day Initiative

The Zero Day Initiative (ZDI), founded by TippingPoint, is a program designed to reward security researchers for responsibly disclosing vulnerabilities.
More

HP Enterprise Security

Manage risk, mitigate threats and secure your business.
More