Security Experts:

Connect with us

Hi, what are you looking for?



Hackers Invited to Target VMware at Pwn2Own 2016

Hewlett Packard Enterprise, Trend Micro and the Zero Day Initiative have invited white hat hackers to show off their skills at this year’s Pwn2Own competition.

Hewlett Packard Enterprise, Trend Micro and the Zero Day Initiative have invited white hat hackers to show off their skills at this year’s Pwn2Own competition.

HP and ZDI decided not to sponsor Mobile Pwn2Own last year at the PacSec conference in Japan over legal concerns related to the controversial Wassenaar Arrangement, but they haven’t completely given up on the popular hacking contest. This year’s list of sponsors is joined by Trend Micro, which announced in October the acquisition of TippingPoint, including the Zero Day Initiative, from HP for $300 million.

As usual, Pwn2Own 2016 will take place alongside the CanSecWest conference in Vancouver, Canada. The competition, scheduled for March 16-17, invites researchers to hack Google Chrome, Microsoft Edge, Adobe Flash, Apple Safari and, for the first time, VMware Workstation.

According to organizers, Windows-based targets will be running on a VMware Workstation virtual machine and researchers who achieve a VM escape will be awarded a bonus of $75,000. A $20,000 bonus will also be awarded for exploits that achieve root- or SYSTEM-level code execution.

Experts who manage to hack Chrome and Edge on Windows will receive $65,000, while those who break Flash running in Edge will get $60,000. The prize for hacking Safari on a machine running Mac OS X is $40,000.

Similar to previous years, the targeted machines will run fully patched versions of the operating system and software. Participants’ exploits will also have to work with the protections in Microsoft’s EMET software enabled.

Pwn2Own 2016 participants will be awarded points for each of their successful entries and the hacker with the highest number of points will be named “Master of Pwn” and will receive an additional 65,000 ZDI reward points, worth roughly $25,000, and a laptop estimated at $1,000.

The vulnerabilities leveraged by contestants must be unknown and each flaw can only be used to target one category. The exploits must work with minimal user interaction and all the vulnerabilities and techniques used by winners must be disclosed to the affected software’s vendor. The complete rules are available on ZDI’s website.

Hackers who took part in the 2015 edition of Pwn2Own earned a total of $552,000, plus non-monetary prizes such as ZDI points and laptops.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.