Tianfu Cup is China's version of Pwn2Own, which in its fourth rendition, like last year's edition, the hacking contest took place in Chengdu, China.
While Tianfu Cup 2021 which has just ended showed off hacking attempts against a number of popular programs, including Windows 10, Linux and popular browsers such as Chrome and Safari, with the hackers successfully hacked several of such popular software programs.
There are multiple other software programs from Microsoft, Adobe, Mozilla, and ASUS that were also successfully hacked with previously unknown exploits in Tianfu Cup 2021.
Major Exploits at Tianfu Cup 2021 Hackathon
The two-day hacking contest took place on October 16 and 17, with several security researchers competing for the prize money. Kunlun Lab took the top spot by winning $654,500 for successful exploits of iOS 15, including a remote code execution flaw in mobile Safari.
Also, the Kunlun Lab researchers pwned Google Chrome by getting Windows system kernel level privilege with two bugs, and the PangU team emerged second with a haul of $522,500 for a remote jailbreak in iPhone 13 Pro running iOS 15, which marks the first time the new iPhone model has been hacked at a public contest, while the VRI team came third by winning a total of $392,500.
Besides the above exploits, several hacks were mounted successfully against targets such as:
- VMWare Workstation
- Ubuntu 20/CentOS 8
- Microsoft Exchange Server
- Adobe PDF Reader
- ASUS RT-AX56U router
- Parallels Desktop
- Docker CE
- QEMU VM
The hacking competition also showed off successful hacking attempts against VMWare ESXi, Adobe PDF Reader and Synology DS220j DiskStation, among others.
The Tianfu Cup hackathon had the overriding idea of using web browsers to navigate a remote URL or using a flaw in the software to control the browser or any of the underlying operating systems.