Malware contest uncovers 34 zero-days in popular software
Google, HP sponsor competitions, find several flaws including iOS kernel issue
Hacking competitions sponsored by Google and HP have identified 34 zero-day vulnerabilities in widely used applications, including six flaws in Microsoft code and a kernel issue in Apple's iOS, The Register reported.
Google's Pwnium contest and HP's Pwn2Own competition - held in Vancouver, Canada, during the annual CanSecWest conference - challenged contestants to find software vulnerabilities that were missed during in-house quality-assurance testing.
During Pwn2Own, which awarded $850,000 in prize money, Chrome, Safari, Internet Explorer and Firefox were all compromised inside the allotted 30-minute timeframe.
"Bug bounty schemes like Pwn2Own are really now just an extension of proper software testing," said Brian Gorenc, manager of vulnerability research for HP's Zero Day Initiative.
"It's about allowing your software to be picked over by skilled independents who may spot flaws that slipped through the quality control process. It's well worth the prize money."
Also held at the event was a competition called Pwn4Fun, between teams from Google and HP, which raised $82,500 for the Canadian Red Cross. The Google team found six separate zero-day flaws in Microsoft code and a bug in Apple's iOS kernel.