For the past seven years, an annual hacker competition that pays big cash prizes has driven home the point that no Internet-connected software, regardless of who made it, is immune to exploits that surreptitiously install malware on the underlying computer. The first day of this year's Pwn2Own 2014 and the companion contest that ran concurrently stuck with much the same theme, with successful hacks of the Internet Explorer, Firefox, and Safari browsers and Adobe's Flash and Reader applications.
Contestants from Vupen, the France-based firm that sells fully weaponized exploits to governments it deems non-repressive, fetched $400,000 during day one of the two-day event. The haul came from exploits that allowed team members to gain full control over IE, Firefox, Flash, and Reader. Vupen's Firefox attack was one of three hacks that successfully compromised the Mozilla browser, with researchers Mariusz Mlynski and Juri Aedla also taking it down, feats that won them $50,000 each. At the Pwn4Fun contest held at the same CanSecWest security conference, researchers from Google toppled Apple's Safari browser, and their counterparts from HP commandeered IE.
During day two, Chrome was on tap to be tested. If it is successfully felled, it wouldn't be the first time. Meanwhile, George "GeoHot" Hotz, the hacker who famously bypassed the copyright restrictions of the Sony PlayStation 3, reportedly became the fourth contestant to defeat Firefox during day two. Update: Vupen has reportedly pwned Chrome as well.