A contest held in Chengdu on November 16-17 this year saw white hat hackers earn more than $1 million for discovering exploits. The contest, Tianfu Cup PWN, is similar to Zero Day Initiative’s Pwn2Own: both have big prizes, and in both contests the demonstrated vulnerabilities are disclosed to their respective vendors. This year, for example, Pwn2Own offered hackers roughly $600,000 in prizes.
At the Tianfu Cup PWN competition, on the other hand, hackers earned a total of $120,000 for two Microsoft Edge exploits, $150,000 for two Chrome exploit chains, $100,000 for an exploit demonstrated on macOS that affected Safari, $200,000 for an iPhone X jailbreak and a remote code execution exploit, $120,000 for two Oracle VirtualBox exploit chains, $100,000 for hacking VMware Workstation and Fusion, $80,000 for a Microsoft Office exploit chain involving a logical bug and a memory corruption flaw, and $80,000 for three Adobe Reader hacks.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
Hackers also earned several thousands of dollars for hacking Vivo X23, OPPO R17, and Xiaomi Mi 8 smartphones.
Several attempts did not earn hackers any money because they involved previously disclosed vulnerabilities.
According to organizers, participants earned $1,024,000 for disclosing 30 vulnerabilities.
Tianfu Cup organizers said that the iPhone X exploit involved a type confusion Just-in-Time (JIT) bug in Safari and a use-after-free vulnerability in the iOS kernel. The hackers promised to make details available after Apple releases a fix.
VMware has also confirmed that the vulnerabilities discovered allow a hacker to execute code on the Workstation host from the guest. The company will release fixes for the flaws as soon as possible, including for the ones revealed earlier this month at the GeekPwn2018 hacking competition in China.
Keep in mind that our modern society is dependent on computers, mobile devices, and the use of the internet. Always stay safe and secure.
We will continue to monitor the cybersecurity world. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.