Last Fall, TippingPoint was acquired by Trend Micro from Hewlett-Packard. As a major sponsor, this brought into question if Pwn2Own would continue. More details have been revealed to confirm that Pwn2Own 2016 will take place in conjunction with the CanSecWest security conference in Vancouver. In addition to confirming Pwn2Own 2016, it was revealed that the hacking competition promoting responsible disclosure, will be getting a bit of a revamping to improve the contest.
In addition to the prize money for proving individual exploits, a “Master of Pwn” (or more than one in case of a tie) will be dubbed and will receive 65,000 ZDI reward points (about $25,000). Escaping a VMware virtual machine will be worth 13 points and a $75k bonus. Google Chrome, Microsoft Edge, Adobe Flash, and Apple Safari are also targets
Google Chrome: $65,000
Microsoft Edge: $65,000
Adobe Flash running in Microsoft Edge: $60,000
Mac OS X-based targets:
Apple Safari: $40,000
If the exploit achieves SYSTEM-level code execution or root-level code execution, the contestant will receive an additional $20,000.
As mentioned, the Windows-based targets will be running in a VMware Workstation virtual machine. If anyone manages to escape the VMware Workstation virtual machine and achieves code execution on the host operating system, they’ll receive an additional $75,000. This prize is only eligible on the Windows-based targets listed above.
See the Zero Day Initiative site for the full and official rules to the contest. We will follow-up with results as they are posted here on 404 Tech Support.