Pwn2Own 2017 Day One Recap

Published: 2017-03-17 17:40:09  Source: zerodayinitiative

The first day of Pwn2Own 2017 has come to a close, and so far, we’ve awarded $233,000 USD and 45 points for Master of Pwn. Today saw five successful attempts, one partial success, two failures, and two entries withdrawn.


In the early hours of March 16, Beijing time, the Pwn2Own 2017 hacking contest officially opened in Vancouver, Canada.


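This year marks the tenth anniversary of Pwn2Own. The contest has five categories (browsers and plug-ins, virtual machines, system privilege escalation, enterprise applications, and servers) with 15 challenge targets in total and more than one million US dollars in total prize money, drawing 11 teams from China, the United States, and Germany.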



Pwn2Own 2017 runs over three days. With the first day over, several Chinese teams have already made their appearance.


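The first day of Pwn2Own 2017 has ended, with a total of $233,000 USD in prize money and 45 points awarded. On the first day, five attempts succeeded, one partially succeeded, two failed, and two were withdrawn.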


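Pwn2Own 2017 Day One results
Team | Target | Result
360 Security team | Adobe Reader | Success
Samuel Groß and Niklas Baumstark (Germany) | Apple Safari and macOS root | Partial success
Tencent Team Ether | Microsoft Edge | Success
Chaitin Security Research Lab | Ubuntu local privilege escalation | Success
Tencent Team Ether | Windows 10 local privilege escalation | Withdrawn
Ralf-Philipp Weinmann (Germany) | Edge + Windows 10 SYSTEM privileges | Withdrawn
Tencent Team Sniper | Chrome + Windows 10 SYSTEM privileges | Failure
Chaitin Security Research Lab | Apple Safari + macOS root | Success
Richard Zhu (USA) | Apple Safari + macOS root | Failure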

Our day started with the 360 Security team successfully using a jpeg2000 heap overflow, a Windows kernel info leak, and an uninitialized Windows kernel buffer to gain remote code execution (RCE) through Adobe Reader. In the process, they earned themselves $50,000 USD and 6 points towards Master of Pwn.


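The 360 Security team used a jpeg2000 stack overflow, a Windows kernel info leak, and an uninitialized Windows kernel buffer to gain remote code execution through Adobe Reader, earning $50,000 USD and 6 points.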


Next up, Samuel Groß and Niklas Baumstark earned some style points by leaving a special message on the touch bar of the targeted Mac. They employed a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate their privileges to root in macOS. Unfortunately, the UAF had already been corrected in the beta version of the browser, but this bug chain still netted them a partial win, garnering them $28,000 and 9 Master of Pwn points.


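Next came the team of Samuel Groß and Niklas Baumstark from Germany, targeting Apple Safari and macOS privilege escalation. They first left a special message on the touch bar of the target MacBook, earning 1 point. In the attack on Safari, they combined a UAF with three logic bugs and a null pointer dereference to exploit Safari and escalate to root in macOS. However, some of the bugs had already been fixed by Apple, so they only partially succeeded. In the end they earned $28,000 USD and 9 points.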


The next contestant was Tencent Security – Team Ether targeting Microsoft Edge. They succeeded by using an arbitrary write in Chakra and escaped the sandbox using a logic bug within the sandbox. This netted them a cool $80,000 and 10 points for Master of Pwn.


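Third up was Tencent's Team Ether, whose target was Microsoft Edge. They succeeded by using an arbitrary write in Chakra and escaped the sandbox using a logic bug in the sandbox, earning a base award of $80,000 USD and 10 points.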


Ubuntu Linux was welcomed to Pwn2Own by the Chaitin Security Research Lab. They leveraged a Linux kernel heap out-of-bounds access bug to earn themselves $15,000 and 3 Master of Pwn points. We’ve seen folks pop calc before, but popping xcalc was a nice touch.


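Ubuntu Desktop made its first appearance at Pwn2Own this year. The Chinese security team Chaitin Security Research Lab successfully compromised the target, earning $15,000 USD and 3 points.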


Despite their earlier success, Tencent Security – Team Ether withdrew their entry targeting Microsoft Windows. Ralf-Philipp Weinmann also withdrew his attempt to exploit Microsoft Edge. Perhaps the recent security patches affected their exploits after all.


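Tencent's Team Ether entered the Microsoft Windows 10 privilege escalation target, but Microsoft released patches in March and Tencent withdrew from the target.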


Next, Tencent Security - Team Sniper (Keen Lab and PC Mgr) targeted Google Chrome with a SYSTEM-level escalation. Unfortunately, they could not get their exploit chain working within the allotted timeframe, resulting in a failure.


However, the team came right back to target Adobe Reader and succeeded by using an info leak in Reader followed by a UAF to get code execution. They then leveraged a UAF in the kernel to gain SYSTEM-level privileges. Since this was the second win in the Enterprise Application category, it netted the team $25,000 and 6 points for Master of Pwn.


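Next, the Tencent security team targeted Chrome, but they did not finish within the allotted time, resulting in a failure. Finally they turned to Adobe Reader and succeeded, earning $25,000 USD and 6 points.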


The Chaitin Security Research Lab followed up their previous success with some fantastic late-evening exploits. They broke through Apple Safari to gain root access on macOS by using a total of six bugs in their exploit chain including an info disclosure in Safari, four different type confusion bugs in the browser, and a UAF in WindowServer. This spectacular demonstration earned them $35,000 and 11 points towards Master of Pwn. They also let us know their research was guided by advisories released through the ZDI program.


Last up was Chaitin Security Research Lab from China, targeting Safari and macOS privilege escalation. They succeeded, earning $35,000 USD and 11 points.


Overall, it was a fantastic start to the first day of our largest competition ever. The contestants successfully demonstrated 20 different bugs in their successful exploits. As for Master of Pwn, the Chaitin Security Research Lab currently leads the competition with 14 points. With two separate tracks happening on Day Two – including the first VMware escape of the contest – Master of Pwn is still anyone’s game.


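Overall, this exciting contest got off to a wonderful start. The contestants showed their skills and gave us an outstanding competition. Chaitin Security Research Lab from China currently leads with 14 points. We look forward to an even better showing from them on Day Two.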

