Pwn2Own Researchers Reveal Oracle, VMware, Apple Zero-Day Exploits

The first day of the 2019 Pwn2Own hacking competition saw researchers awarded a total of $240,000 for demonstrating new zero-day exploits in Apple Safari, Oracle VirtualBox and VMware Workstation. Day in and day out, vendors do their best to keep their software patched and free from zero-day vulnerabilities. Then along comes the annual Pwn2Own competition and within minutes, elite researchers are able to demonstrate new zero-day flaws. The first day of Pwn2Own 2019 on March 20 in Vancouver, Canada, saw researchers reveal new zero-day vulnerabilities in Apple Safari and macOS, as well as Oracle VirtualBox and VMware Workstation. Pwn2Own, which is operated by Trend Micro's Zero Day Initiative (ZDI), rewards researchers with cash prizes for demonstrating new zero-day vulnerabilities during the live event. All told, researchers collected a total of $240,000 in awards for their efforts and there are still two more days left. A team known as Fluoroacetate, made up of researchers Amat Cama and Richard Zhu, was the big winner on day one, exploiting Apple Safari, Oracle VirtualBox and VMware Workstation, earning $160,000 for their day's effort. In terms of how a single group was so successful, it has to do with circumstance and opportunity.