Home / / Malware contest uncovers 34 zero-days in popular software

Malware contest uncovers 34 zero-days in popular software

Google, HP sponsor competitions, find several flaws including iOS kernel issue

Malware contest uncovers 34 zero-days in popular software
A Google team found six separate zero-day flaws in Microsoft code and a bug in Apple’s iOS kernel.

Hacking competitions sponsored by Google and HP have identified 34 zero-day vulnerabilities in widely used applications, including six flaws in Microsoft code and a kernel issue in Apple's iOS, the Register reported.

Google's Pwnium contest and HP's Pwn2Own competition - held in Vancouver, Canada, during the annual CanSecWest conference - challenged contestants to find software vulnerabilities in software that have been missed during in-house quality-assurance testing.

During Pwn2Own, which awarded $850,000 in prize money, Chrome, Safari, Internet Explorer and Firefox were all compromised inside the allotted 30-minute timeframe.

"Bug bounty schemes like Pwn2Own are really now just an extension of proper software testing," said Brian Gorenc, manager of vulnerability research for HP's Zero Day Initiative.

"It's about allowing your software to be picked over by skilled independents who may spot flaws that slipped through the quality control proves. It's well worth the prize money."

Also held at the event was a competition called Pwn4Fun, between teams from Google and HP, which raised $82,500 for the Canadian Red Cross. The Google team found six separate zero-day flaws in Microsoft code and a bug in Apple's iOS kernel.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018