Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China.
“Many mature and hard targets have been pwned on this year’s contest,” the event organizers said. “11 out of 16 targets cracked with 23 successful demos.”
The hacking competition showed off hacking attempts against a number of platforms, including:
- Adobe PDF Reader
- Apple iPhone 11 Pro running iOS 14 and Safari browser
- ASUS RT-AX86U router
- CentOS 8
- Docker Community Edition
- Google Chrome
- Microsoft Windows 10 v2004
- Mozilla Firefox
- Samsung Galaxy S20 running Android 10
- TP-Link TL-WDR7660 router
- VMware ESXi hypervisor
The Tianfu Cup, analogous to Pwn2Own, was started in 2018 following a government regulation in the country that barred security researchers from participating in international hacking competitions because of national security concerns.
The two-day event, which happened over the weekend, saw white hat hackers from 15 different teams using original vulnerabilities to break into widely used software and mobile devices in 5 minutes over three attempts.
The idea, in a nutshell, is to use various web browsers to navigate to a remote URL or use a flaw in the software to control the browser or the underlying operating system.
Qihoo 360’s Enterprise Security and Government (ESG) Vulnerability Research Institute came out top with $744,500 in prize money, followed by Ant-Financial Light-Year Security Lab ($258,000) and a security researcher named Pang ($99,500).
Patches for all the demonstrated bugs demonstrated are expected to be released in the coming days.