Adobe Reader and Flash exploits found at Pwn2Own

On Thursday, we reported that security firms had found zero-day exploits in three web browsers as part of the Pwn2Own competition. Two exploits were found in Internet Explorer 10 for Windows 8 by the French security company VUPEN.

Now there's word that the same company found a bug in Adobe Flash Player that allowed them to take control of PCs that had Flash installed. Ars Technica reports that the team won $70,000 as part of the Pwn2Own competition, which is taking place this week as part of the CanSecWest security conference.

Flash has not had an easy time of it lately: the program received three security patches in February, two of which were unscheduled releases in order to close exploits that were being used by hackers. We presume that Adobe will be issuing another Flash security update soon.

George Hotz, the hacker who gained both fame and infamy for his work in unlocking iPhones and hacking the PlayStation 3, went after Adobe's Reader application as part of the competition and managed to get through the program's sandbox to take over the PC that had Reader installed. Hotz also picked up $70,000 for his efforts.

Source: Ars Technica

9 Comments

You said it in fewer choice words than I would prefer. I am amazed that we are still using Flash. If the browser companies can stop infighting for 5 minutes we'd be much better off - but I think once YouTube ditches Flash, it'll Begin.

TsMkLg068426 said,
When the hell will Adobe Flash die and be replaced with HTML5? Seriously die already and also Java.

We can't just go off how secure something is, otherwise we'd all have to move to Chrome OS because no one was able to hack that

I am so shocked, I almost passed out!!

Generally, always have Flash either disabled, except for when I need it, or blocked and DO NOT use that POS, bloated reader crap thing!

What, no Java exploits? I guess since there's so many 0-day Java exploits lately, they won't pay out large sums for those.

There were a number of Java exploits revealed at CanSecWest. Pwn2Own pays out $20k for each successful Java exploit.