Pwn2Own carnage continues as exploits take down Adobe Reader, Flash

Thursday was another grim day for Internet security as contestants at the Pwn2Own hacker competition exploited flaws in Adobe's Reader and Flash programs, allowing them to take full control of the computers they ran on. Oracle's Java was also, once again, felled.

The exploits, which fetched more than $160,000 in prizes, were impressive because they pierced a wall of defenses erected by some of the brightest minds in the field of software engineering. Those defenses included an anti-exploit "sandbox," which Adobe engineers added to Reader in 2010 and have been improving ever since. The mechanism isolates Web content in a restricted container that's sealed off from sensitive operating-system functions, such as writing files to disk or making system changes.

Until last month, no active attack had successfully bypassed the Reader sandbox protection. On Thursday, the defense suffered another significant blow when George Hotz, who hacked Sony's PlayStation 3 in 2010 at age 21, was also able to circumvent the Reader sandbox. The feat won him $70,000.

Read 5 remaining paragraphs | Comments