Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference . First held in April 2007 in Vancouver, the contest is now held twice a year, most recently in March 2024. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities . Winners of the contest receive the device that they exploited and a cash prize. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.
166-548: The first contest in 2007 was conceived and developed by Dragos Ruiu in response to his frustration with Apple Inc. 's lack of response to the Month of Apple Bugs and the Month of Kernel Bugs , as well as Apple's television commercials that trivialized the security built into the competing Windows operating system . At the time, there was a widespread belief that, despite these public displays of vulnerabilities in Apple products, OS X
332-601: A Sony Vaio running Windows 7 Beta and Safari and Firefox installed on a MacBook running Mac OS X. All browsers were fully patched and in default configurations on the first day of the contest. As in previous years, the attack surface contest expanded over the three days. On day 1, contestants had to target functionality in the default browser without access to any plugins. On day 2, Adobe Flash, Java, Microsoft .NET Framework , and QuickTime were included. On day 3, other popular third-party plugins were included like Adobe Reader . Multiple winners per target were allowed, but only
498-456: A boardroom coup and called an emergency meeting at which Apple's executive staff sided with Sculley and stripped Jobs of all operational duties. Jobs resigned from Apple in September 1985 and took several Apple employees with him to found NeXT . Wozniak had also quit his active employment at Apple earlier in 1985 to pursue other ventures, expressing his frustration with Apple's treatment of
664-611: A multi-touch iPod Nano , an iPod Touch with FaceTime , and an iPod Shuffle that brought back the clickwheel buttons of earlier generations. It also introduced the smaller, cheaper second-generation Apple TV which allowed the rental of movies and shows. On January 17, 2011, Jobs announced in an internal Apple memo that he would take another medical leave of absence for an indefinite period to allow him to focus on his health. Chief operating officer Tim Cook assumed Jobs's day-to-day operations at Apple, although Jobs would still remain "involved in major strategic decisions". Apple became
830-437: A sandboxed environment and demonstrated exploits that did not "win". Pwn2Own defended the decision, saying that it believed that no hackers would attempt to exploit Chrome if their methods had to be disclosed. Google offered a separate "Pwnium" contest that offered up to $ 60,000 for Chrome-specific exploits. Non-Chrome vulnerabilities used were guaranteed to be immediately reported to the appropriate vendor. Sergey Glazunov and
996-529: A $ 309 million profit. On May 6, 1998, Apple introduced a new all-in-one computer reminiscent of the original Macintosh: the iMac . The iMac was a huge success, with 800,000 units sold in its first five months, and ushered in major shifts in the industry by abandoning legacy technologies like the 3 + 1 ⁄ 2 -inch diskette , being an early adopter of the USB connector, and coming pre-installed with Internet connectivity (the "i" in iMac) via Ethernet and
1162-491: A 64-bit version of Windows 8.1 , to win a total of $ 400,000—the highest payout to a single competitor to date. The company used a total of 11 distinct zero-day vulnerabilities. Among other successful exploits in 2014, Internet Explorer 11 was exploited by Sebastian Apelt and Andreas Schmidt for a prize of $ 100,000. Apple Safari on Mac OS X Mavericks and Adobe Flash on Windows 8.1 were successfully exploited by Liang Chen of Keen Team and Zeguang Zhao of team509. Mozilla Firefox
1328-401: A US jury ruled that Samsung should pay Apple $ 1.05 billion (£665m) in damages in an intellectual property lawsuit. Samsung appealed the damages award, which was reduced by $ 450 million and further granted Samsung's request for a new trial. On November 10, 2012, Apple confirmed a global settlement that dismissed all existing lawsuits between Apple and HTC up to that date, in favor of
1494-445: A built-in hub that connects to the physical USB cable. USB device communication is based on pipes (logical channels). A pipe connects the host controller to a logical entity within a device, called an endpoint . Because pipes correspond to endpoints, the terms are sometimes used interchangeably. Each USB device can have up to 32 endpoints (16 in and 16 out ), though it is rare to have so many. Endpoints are defined and numbered by
1660-485: A decade. In the 1990s, Apple lost considerable market share in the personal computer industry to the lower-priced Wintel duopoly of the Microsoft Windows operating system on Intel -powered PC clones . In 1997, Apple was weeks away from bankruptcy . To resolve its failed operating system strategy, it bought NeXT, effectively bringing Jobs back to the company, who guided Apple back to profitability over
1826-403: A dial-up modem. Its striking teardrop shape and translucent materials were designed by Jonathan Ive , who had been hired by Amelio, and who collaborated with Jobs for more than a decade to reshape Apple's product design. A little more than a year later on July 21, 1999, Apple introduced the iBook consumer laptop. It culminated Jobs's strategy to produce only four products: refined versions of
SECTION 10
#17327826507681992-433: A distraction not only for me and my family, but everyone else at Apple as well", and explained that the break would allow the company "to focus on delivering extraordinary products". Though Jobs was absent, Apple recorded its best non-holiday quarter (Q1 FY 2009) during the recession , with revenue of $ 8.16 billion and profit of $ 1.21 billion. After years of speculation and multiple rumored "leaks", Apple unveiled
2158-420: A hacker duo calling themselves Team Incite, were awarded the title of Master of Pwn with winnings of $ 80,000 and 92.5 Master of Pwn points. Overall, the contest had 14 winning demonstrations, nine partial wins due to bug collisions, and two failed entries. The spring edition of Pwn2Own 2020 occurred on March 18–19, 2020. Tesla again returned as a sponsor and had a Model 3 as an available target. Due to COVID-19 ,
2324-444: A large screen, tablet-like media device known as the iPad on January 27, 2010. The iPad ran the same touch-based operating system as the iPhone, and all iPhone apps were compatible with the iPad. This gave the iPad a large app catalog on launch, though having very little development time before the release. Later that year on April 3, 2010, the iPad was launched in the U.S. It sold more than 300,000 units on its first day, and 500,000 by
2490-583: A more modern approach. This led to the Pink project in 1988, A/UX that same year, Copland in 1994, and evaluated the purchase of BeOS in 1996. Talks with Be stalled when the CEO, former Apple executive Jean-Louis Gassée , demanded $ 300 million in contrast to Apple's $ 125 million offer. Only weeks away from bankruptcy , Apple's board preferred NeXTSTEP and purchased NeXT in late 1996 for $ 400 million, retaining Steve Jobs . The NeXT acquisition
2656-682: A new coding schema (128b/132b symbols, 10 Gbit/s; also known as Gen 2 ); for some time marketed as SuperSpeed+ ( SS+ ). The USB 3.2 specification added a second lane to the Enhanced SuperSpeed System besides other enhancements so that the SuperSpeedPlus USB system part implements the Gen 1×2 , Gen 2×1, and Gen 2×2 operation modes. However, the SuperSpeed USB part of the system still implements
2822-751: A power struggle between Steve Jobs and CEO John Sculley , who had been hired away from Pepsi two years earlier by Jobs saying, "Do you want to sell sugar water for the rest of your life or come with me and change the world?" Sculley removed Jobs as the head of the Macintosh division, with unanimous support from the Apple board of directors. The board of directors instructed Sculley to contain Jobs and his ability to launch expensive forays into untested products. Rather than submit to Sculley's direction, Jobs attempted to oust him from leadership. Jean-Louis Gassée informed Sculley that Jobs had been attempting to organize
2988-512: A preferential rate. This visit influenced Jobs to implement a GUI in Apple's products, starting with the Apple Lisa . Despite being pioneering as a mass-marketed GUI computer, the Lisa suffered from high costs and limited software options, leading to commercial failure. Jobs, angered by being pushed off the Lisa team, took over the company's Macintosh division. Wozniak and Raskin had envisioned
3154-431: A random selection to determine which team went first against each target. The first contestant to be selected was Charlie Miller . He exploited Safari on OS X without the aid of any browser plugins. In interviews after winning the contest, Miller stressed that while it only took him minutes to run his exploit against Safari it took him many days to research and develop the exploit he used. A researcher identified only as Nils
3320-538: A standard to replace virtually all common ports on computers, mobile devices, peripherals, power supplies, and manifold other small electronics. In the current standard, the USB-C connector replaces the many various connectors for power (up to 240 W), displays (e.g. DisplayPort, HDMI), and many other uses, as well as all previous USB connectors. As of 2024, USB consists of four generations of specifications: USB 1. x , USB 2.0 , USB 3. x , and USB4 . USB4 enhances
3486-592: A target. The event had eight winning entries, nine partial wins due to bug collisions, and two failed attempts. Overall, the contest awarded $ 136,500 for 23 unique bugs. The Flashback Team (Pedro Ribeiro and Radek Domanski) earned the Master of Pwn title with two successful Wide Area Network (WAN) router exploits. On April 6–8, 2021, the Pwn2Own contest took place in Austin and virtually. This year's event expanded by adding
SECTION 20
#17327826507683652-459: A teenager identified as "PinkiePie" each earned $ 60,000 for exploits that bypassed the security sandbox. Google issued a fix to Chrome users in less than 24 hours after the Pwnium exploits were demonstrated. In 2013, Google returned as a sponsor and the rules were changed to require full disclosure of exploits and techniques used. The Mobile Pwn2Own 2013 contest was held November 13–14, 2013, during
3818-599: A ten-year license agreement for current and future patents between the two companies. It is predicted that Apple will make US$ 280 million per year from this deal with HTC. In May 2014, Apple confirmed its intent to acquire Dr. Dre and Jimmy Iovine 's audio company Beats Electronics —producer of the "Beats by Dr. Dre" line of headphones and speaker products, and operator of the music streaming service Beats Music —for US$ 3 billion, and to sell their products through Apple's retail outlets and resellers. Iovine believed that Beats had always "belonged" with Apple, as
3984-634: A tethered connection (that is: no plug or receptacle at the peripheral end). There was no known miniature type A connector until USB 2.0 (revision 1.01) introduced one. USB 2.0 was released in April 2000, adding a higher maximum signaling rate of 480 Mbit/s (maximum theoretical data throughput 53 MByte/s ) named High Speed or High Bandwidth , in addition to the USB ;1. x Full Speed signaling rate of 12 Mbit/s (maximum theoretical data throughput 1.2 MByte/s). Modifications to
4150-403: A wider array of operating systems and browsers. The contest would demonstrate the widespread insecurity of all software in widespread use by consumers. Dragos refined the contest with the help of a wide panel of industry experts and the contest was administered by ZDI, who would again offer to purchase the vulnerabilities after their demonstration. As with all the vulnerabilities that ZDI purchases,
4316-508: Is full-duplex ; all earlier implementations, USB 1.0-2.0, are all half-duplex, arbitrated by the host. Low-power and high-power devices remain operational with this standard, but devices implementing SuperSpeed can provide increased current of between 150 mA and 900 mA, by discrete steps of 150 mA. USB 3.0 also introduced the USB Attached SCSI protocol (UASP) , which provides generally faster transfer speeds than
4482-533: Is based on NeXTSTEP , OpenStep , and BSD Unix , to combine the stability, reliability, and security of Unix with the ease of use of an overhauled user interface. Second, in May 2001, the first two Apple Store retail locations opened in Virginia and California, offering an improved presentation of the company's products. At the time, many speculated that the stores would fail, but they became highly successful, and
4648-482: Is best known for its consumer electronics , software , and services . Founded in 1976 as Apple Computer Company by Steve Jobs , Steve Wozniak and Ronald Wayne , the company was incorporated by Jobs and Wozniak as Apple Computer, Inc. the following year. It was renamed Apple Inc. in 2007 as the company had expanded its focus from computers to consumer electronics. Apple is the largest technology company by revenue , with US$ 391.04 billion in 2024. The company
4814-402: Is made using two connectors: a receptacle and a plug . Pictures show only receptacles: The Universal Serial Bus was developed to simplify and improve the interface between personal computers and peripheral devices, such as cell phones, computer accessories, and monitors, when compared with previously existing standard or ad hoc proprietary interfaces. From the computer user's perspective,
4980-481: Is present on millions of mobile platforms. Among successful exploits were when Charlie Miller hacked Safari 4 on Mac OS X. Nils hacked Firefox 3.6 on Windows 7 64-bit by using a memory corruption vulnerability and bypassing ASLR and DEP , after which Mozilla patched the security flaw in Firefox 3.6.3. Ralf-Philipp Weinmann and Vincenzo Iozzo hacked the iPhone 3GS by bypassing the digital code signatures used on
5146-398: Is valued at just over $ 3.2 trillion. Apple has received criticism regarding its contractors ' labor practices, its relationship with trade unions , its environmental practices , and its business ethics, including anti-competitive practices and materials sourcing. Nevertheless, the company has a large following and enjoys a high level of brand loyalty . Apple Computer Company
Pwn2Own - Misplaced Pages Continue
5312-557: Is worth $ 10,000. Day 1 included Microsoft Internet Explorer 8 on Windows 7 , Mozilla Firefox 3.6 on Windows 7, Google Chrome 4 on Windows 7, and Apple Safari 4 on Mac OS X Snow Leopard . Day 2 included Microsoft Internet Explorer 8 on Windows Vista , Mozilla Firefox 3 on Windows Vista, Google Chrome 4 on Windows Vista, and Apple Safari 4 on Mac OS X Snow Leopard. Day 3 included Microsoft Internet Explorer 8 on Windows XP , Mozilla Firefox 3 on Windows XP, Google Chrome 4 on Windows XP, and Apple Safari 4 on Mac OS X Snow Leopard. $ 60,000 of
5478-590: The Apple II series was discontinued. It was expensive to produce, and the company decided it was still absorbing sales from lower-cost Macintosh models. After the launch of the LC, Apple encouraged developers to create applications for Macintosh rather than Apple II, and authorized salespersons to redirect consumers from Apple II and toward Macintosh. The Apple IIe was discontinued in 1993. Apple experimented with several other unsuccessful consumer targeted products during
5644-518: The Macworld Expo on January 9, 2007, Jobs announced the renaming of Apple Computer, Inc. to Apple Inc., because the company had broadened its focus from computers to consumer electronics. This event also saw the announcement of the iPhone and the Apple TV . The company sold 270,000 first-generation iPhones during the first 30 hours of sales, and the device was called "a game changer for
5810-534: The Power Macintosh , the first of many computers with Motorola's PowerPC processor. In the wake of the alliance, Apple opened up to the idea of allowing Motorola and other companies to build Macintosh clones . Over the next two years, 75 distinct Macintosh clone models were introduced. However, by 1996, Apple executives were worried that the clones were cannibalizing sales of its own high-end computers, where profit margins were highest. In 1996, Spindler
5976-526: The Power Macintosh G3 desktop and PowerBook G3 laptop for professionals, and the iMac desktop and iBook laptop for consumers. Jobs said the small product line allowed for a greater focus on quality and innovation. Around then, Apple also completed numerous acquisitions to create a portfolio of digital media production software for both professionals and consumers. Apple acquired Macromedia 's Key Grip digital video editing software project which
6142-481: The SoundJam MP audio player software from Casady & Greene . Apple renamed the program iTunes , and simplified the user interface and added CD burning. In 2001, Apple changed course with three announcements. First, on March 24, 2001, Apple announced the release of a new modern operating system, Mac OS X . This was after numerous failed attempts in the early 1990s, and several years of development. Mac OS X
6308-521: The TRS-80 and Commodore PET , because of its character cell-based color graphics and open architecture . The Apple I and early Apple II models use ordinary audio cassette tapes as storage devices, which were superseded by the 5 + 1 ⁄ 4 -inch floppy disk drive and interface called the Disk II in 1978. The Apple II was chosen to be the desktop platform for the first killer application of
6474-654: The chief operating officer . Gassée left the company later that year to set up a rival, Be Inc. The company pivoted strategy and, in October 1990, introduced three lower-cost models: the Macintosh Classic , the Macintosh LC , and the Macintosh IIsi , all of which generated significant sales due to pent-up demand. In 1991, Apple introduced the hugely successful PowerBook with a design that set
6640-539: The iLife suite. At the Worldwide Developers Conference keynote address on June 6, 2005, Jobs announced that Apple would move away from PowerPC processors, and the Mac would transition to Intel processors in 2006. On January 10, 2006, the new MacBook Pro and iMac became the first Apple computers to use Intel's Core Duo CPU. By August 7, 2006, Apple made the transition to Intel chips for
6806-401: The third- and fourth-generation iPads , which featured Retina displays ; and the iPad Mini , which featured a 7.9-inch screen in contrast to the iPad's 9.7-inch screen. These launches were successful, with the iPhone 5 (released September 21, 2012) becoming Apple's biggest iPhone launch with over two million pre-orders and sales of three million iPads in three days following the launch of
Pwn2Own - Misplaced Pages Continue
6972-551: The 1990s, including QuickTake digital cameras , PowerCD portable CD audio players, speakers , the Pippin video game console, the eWorld online service, and Apple Interactive Television Box . Enormous resources were invested in the problematic Newton tablet division, based on John Sculley's unrealistic market forecasts. Throughout this period, Microsoft continued to gain market share with Windows by focusing on delivering software to inexpensive personal computers, while Apple
7138-495: The 5, 10, and 20 Gbit/s capabilities as SuperSpeed USB 5Gbps , SuperSpeed USB 10 Gbps , and SuperSpeed USB 20 Gbps , respectively. In 2023, they were replaced again, removing "SuperSpeed" , with USB 5Gbps , USB 10Gbps , and USB 20Gbps . With new Packaging and Port logos. The USB4 specification was released on 29 August 2019 by the USB Implementers Forum. The USB4 2.0 specification
7304-535: The App Store could become a billion-dollar business for Apple. By October 2008, Apple was the third-largest mobile handset supplier in the world due to the popularity of the iPhone. On January 14, 2009, Jobs announced in an internal memo that he would be taking a six-month medical leave of absence from Apple until the end of June 2009 and would spend the time focusing on his health. In the email, Jobs stated that "the curiosity over my personal health continues to be
7470-532: The Apple II division and stating that the company had "been going in the wrong direction for the last five years". Wozniak remained employed by Apple as a representative, receiving a stipend estimated to be $ 120,000 per year. Jobs and Wozniak remained Apple shareholders following their departures. After the departures of Jobs and Wozniak in 1985, Sculley launched the Macintosh 512K that year with quadruple
7636-545: The BOT (Bulk-Only-Transfer) protocol. USB 3.1 , released in July 2013 has two variants. The first one preserves USB 3.0's SuperSpeed architecture and protocol and its operation mode is newly named USB 3.1 Gen 1 , and the second version introduces a distinctively new SuperSpeedPlus architecture and protocol with a second operation mode named as USB 3.1 Gen 2 (marketed as SuperSpeed+ USB ). SuperSpeed+ doubles
7802-508: The Enterprise Communications category, which includes Microsoft Teams and Zoom Messenger. The first day of the contest saw Apple Safari, Microsoft Exchange, Microsoft Teams, Windows 10, and Ubuntu all compromised. Zoom Messenger was compromised on the second day of the contest with a zero-click exploit. Parallels Desktop, Google Chrome, and Microsoft Edge were also successfully exploited during the contest. Over US$ 1,200,000
7968-636: The Galaxy S22, running the latest Android 13, was hacked in less than a minute. Once all the points were totaled, the STAR Labs team was awarded the title of Master of Pwn with $ 270,000 and 27 points. Apple (company) Apple Inc. is an American multinational corporation and technology company headquartered and incorporated in Cupertino, California , in Silicon Valley . It
8134-421: The Macintosh as a low-cost computer with a text-based interface like the Apple II, but a plane crash in 1981 forced Wozniak to step back from the project. Jobs quickly redefined the Macintosh as a graphical system that would be cheaper than the Lisa, undercutting his former division. Jobs was also hostile to the Apple II division, which at the time, generated most of the company's revenue. In 1984, Apple launched
8300-583: The Macintosh, the first personal computer without a bundled programming language . Its debut was signified by " 1984 ", a US$ 1.5 million television advertisement directed by Ridley Scott that aired during the third quarter of Super Bowl XVIII on January 22, 1984. This was hailed as a watershed event for Apple's success and was called a "masterpiece" by CNN and one of the greatest TV advertisements of all time by TV Guide . The advertisement created great interest in Macintosh , and sales were initially good, but began to taper off dramatically after
8466-658: The Mozilla Firefox and Apple Safari web browsers. Day Two of the contest was highlighted by a remote exploit of the Tesla Infotainment system. Researchers from the Synacktiv Team were able to remotely start the windshield wipers, open the trunk, and flash the headlights of the vehicle. The event's final day saw three of the six Windows 11 privilege escalations successfully demonstrated. All six of these exploits used unique bugs. Samsung's flagship phone,
SECTION 50
#17327826507688632-651: The PacSec 2013 Conference in Tokyo. Web browsers Google Chrome, Internet Explorer and Firefox, along with Windows 8 and Java, were exploited. Adobe also joined the contest, adding Reader and Flash. Apple Safari on Mountain Lion was not targeted as no teams showed up. French security firm VUPEN has successfully exploited a fully updated Internet Explorer 10 on Microsoft Surface Pro running a 64-bit version of Windows 8 and fully bypassed Protected Mode sandbox without crashing or freezing
8798-715: The Pwn2Own contest was the fact that a new attack surface was allowed for penetrating mobile phones , specifically over cellphone basebands . The mobile phone targets were Dell Venue Pro running Windows Phone 7 , iPhone 4 running iOS , BlackBerry Torch 9800 running BlackBerry OS 6.0, and Nexus S running Android 2.3. Several teams registered for the desktop browser contest. For Apple Safari, registered competitors included VUPEN, Anon_07, Team Anon, Charlie Miller. Mozilla Firefox included Sam Thomas and Anonymous_1. Microsoft Internet Explorer teams included Stephen Fewer, VUPEN, Sam Thomas, and Ahmed M Sleet. Google Chrome teams included Moatz Khader, Team Anon, and Ahmed M Sleet. For
8964-605: The RAM, and introduced the LaserWriter , the first reasonably priced PostScript laser printer . PageMaker , an early desktop publishing application taking advantage of the PostScript language, was also released by Aldus Corporation in July 1985. It has been suggested that the combination of Macintosh, LaserWriter, and PageMaker was responsible for the creation of the desktop publishing market. This dominant position in
9130-501: The SuperSpeed USB Developers Conference. USB 3.0 adds a new architecture and protocol named SuperSpeed , with associated backward-compatible plugs, receptacles, and cables. SuperSpeed plugs and receptacles are identified with a distinct logo and blue inserts in standard format receptacles. The SuperSpeed architecture provides for an operation mode at a rate of 5.0 Gbit/s, in addition to
9296-454: The USB 2.0 bus operating in parallel. The USB 3.0 specification defined a new architecture and protocol named SuperSpeed (aka SuperSpeed USB , marketed as SS ), which included a new lane for a new signal coding scheme (8b/10b symbols, 5 Gbit/s; later also known as Gen 1 ) providing full-duplex data transfers that physically required five additional wires and pins, while preserving
9462-416: The USB interface improves ease of use in several ways: The USB standard also provides multiple benefits for hardware manufacturers and software developers, specifically in the relative ease of implementation: As with all standards, USB possesses multiple limitations to its design: For a product developer, using USB requires the implementation of a complex protocol and implies an "intelligent" controller in
9628-401: The USB specification have been made via engineering change notices (ECNs). The most important of these ECNs are included into the USB 2.0 specification package available from USB.org: The USB 3.0 specification was released on 12 November 2008, with its management transferring from USB 3.0 Promoter Group to the USB Implementers Forum (USB-IF) and announced on 17 November 2008 at
9794-547: The USB 2.0 architecture and protocols and therefore keeping the original four pins/wires for the USB 2.0 backward-compatibility resulting in 9 wires (with 9 or 10 pins at connector interfaces; ID-pin is not wired) in total. The USB 3.1 specification introduced an Enhanced SuperSpeed System – while preserving the SuperSpeed architecture and protocol ( SuperSpeed USB ) – with an additional SuperSpeedPlus architecture and protocol (aka SuperSpeedPlus USB ) adding
9960-794: The VUPEN team took on the Windows Phone (the Lumia 1520 ), but was unable to gain full control of the system. In 2014, Keen Lab hacked Windows 8.1 Adobe Flash in 16 seconds, as well as the OSX Mavericks Safari system in 20 seconds. Every single prize available was claimed in 2015 in March in Vancouver, and all browsers were hacked for a total in $ 557,500 and other prizes. The top hacker proved to be Jung Hoon Lee, who took out "IE 11, both
10126-428: The affected vendor and turns them into signatures for their own network intrusion detection system, increasing its effectiveness. The vulnerabilities sold to ZDI are made public only after the affected vendor has issued a patch for it. Forslof agreed to have ZDI offer to purchase any vulnerabilities used in the contest for a flat price of $ 10,000. The first contest subsequently exposed a high-profile QuickTime flaw, which
SECTION 60
#173278265076810292-414: The browser. The VUPEN team then exploited Mozilla Firefox, Adobe Flash, and Oracle Java. Pinkie Pie won $ 50,000, and Google released Chrome updates on November 14 to address the vulnerabilities exploited. Nils and Jon from MWRLabs were successful at exploiting Google Chrome using WebKit and Windows kernel flaws to bypass Chrome sandbox and won $ 100,000. George Hotz exploited Adobe Acrobat Reader and escaped
10458-582: The business world: VisiCalc , a spreadsheet program released in 1979. VisiCalc created a business market for the Apple II and gave home users an additional reason to buy an Apple II: compatibility with the office, but Apple II market share remained behind home computers made by competitors such as Atari , Commodore , and Tandy . On December 12, 1980, Apple (ticker symbol "AAPL") went public selling 4.6 million shares at $ 22 per share ($ .10 per share when adjusting for stock splits as of September 3, 2022 ), generating over $ 100 million, which
10624-439: The car they hacked after finding a severe memory randomization bug in the car's infotainment system. It was also the first year that hacking of devices in the home automation category was allowed. In October 2019, Politico reported that the next edition of Pwn2Own had added industrial control systems. Pwn2Own Tokyo was held November 6 to November 7, and was expected to hand out $ 750,000 in cash and prizes. Facebook Portal
10790-642: The company modeled itself after Apple's "unmatched ability to marry culture and technology". The acquisition was the largest purchase in Apple's history. USB Universal Serial Bus ( USB ) is an industry standard that allows data exchange and delivery of power between many types of electronics. It specifies its architecture, in particular its physical interface , and communication protocols for data transfer and power delivery to and from hosts , such as personal computers , to and from peripheral devices , e.g. displays, keyboards, and mass storage devices, and to and from intermediate hubs , which multiply
10956-686: The conference moved to a virtual event. The Zero Day Initiative decided to allow remote participation. This allowed researchers to send their exploits to the program prior to the event. ZDI researchers then ran the exploits from their homes and recorded the screen as well as the Zoom call with the contestant. The contest saw six successful demonstrations and awarded $ 270,000 over the two-day event while purchasing 13 unique bugs in Adobe Reader, Apple Safari and macOS, Microsoft Windows, and Oracle VirtualBox. The duo of Amat Cama and Richard Zhu (Team Fluoroacetate)
11122-413: The contest added industrial control systems. Winners of the contest receive the device that they exploited and a cash prize. Winners also receive a "Masters" jacket celebrating the year of their win. The following list of notable hacks is incomplete. (Mobile) (Mobile) The contest took place from Thursday, April 18 to Saturday, April 20, 2007, in Vancouver. The first contest was intended to highlight
11288-430: The contest did not attract any additional contestants. Chrome, as well as all of the mobile devices, went unexploited in Pwn2Own 2009. The competition started on March 24, 2010 and had a total cash prize pool of US$ 100,000. Nine days before the contest was to begin, Apple released sixteen patches for WebKit and Safari. Concerning software to exploit, $ 40,000 of the $ 100,000 was reserved for web browsers, where each target
11454-430: The contest in March 2016, "each of the winning entries was able to avoid the sandboxing mitigations by leveraging vulnerabilities in the underlying OSs." In 2016, Chrome, Microsoft Edge and Safari were all hacked. According to Brian Gorenc, manager of Vulnerability Research at HPE , they had chosen not to include Firefox that year as they had "wanted to focus on the browsers that [had] made serious security improvements in
11620-410: The contest organizers a link to it. When clicked, the link gave Macauley control of the laptop, winning the contest by proxy for Dai Zovi, who gave Macaulay the 15" MacBook Pro. Dai Zovi separately sold the vulnerability to ZDI for the $ 10,000 prize. Pwn2Own 2008 took place from Thursday, March 26 to Saturday, March 28, 2008. After the successful 2007 contest, the scope of the contest expanded to include
11786-771: The contest was a demonstration from Daan and Thijs bypassing the trusted application check on the OPC Foundation OPC UA .NET Standard. Pwn2Own returned to Vancouver on May 18–20, 2022, to celebrate the 15th anniversary of the contest. Over the three-day event, the ZDI awarded US$ 1,155,000 for 25 unique 0-day vulnerabilities. Day One of the contest set a single-day contest record of US$ 800,000 awarded for various exploits, including three separate Microsoft Teams demonstrations. One of these exploits required no user interaction and could be used to compromise an entire organization. Also demonstrated were successful demonstrations against
11952-413: The contest, Adobe disclosed that they had co-discovered the same vulnerability internally and had been working on a patch at the time of Pwn2Own. The laptop running Ubuntu was not exploited. Pwn2Own 2009 took place over the three days of CanSecWest from Thursday, March 18 to Saturday, March 20, 2009. After having considerably more success targeting web browsers than any other category of software in 2007,
12118-688: The core of its computer offerings. The next month, in August 1997, Steve Jobs convinced Microsoft to make a $ 150 million investment in Apple and a commitment to continue developing Mac software. This was seen as an "antitrust insurance policy" for Microsoft which had recently settled with the Department of Justice over anti-competitive practices in the United States v. Microsoft Corp. case. Around then, Jobs donated Apple's internal library and archives to Stanford University , to focus more on
12284-428: The current shape for almost all modern laptops. The same year, Apple introduced System 7 , a major upgrade to the Macintosh operating system, adding color to the interface and introducing new networking capabilities. The success of the lower-cost Macs and PowerBook brought increasing revenue. For some time, Apple was doing very well, introducing fresh new products at increasing profits. The magazine MacAddict named
12450-862: The data transfer and power delivery functionality with ... a connection-oriented, tunneling architecture designed to combine multiple protocols onto a single physical interface so that the total speed and performance of the USB4 Fabric can be dynamically shared. USB4 particularly supports the tunneling of the Thunderbolt 3 protocols, namely PCI Express (PCIe, load/store interface) and DisplayPort (display interface). USB4 also adds host-to-host interfaces. Each specification sub-version supports different signaling rates from 1.5 and 12 Mbit/s total in USB 1.0 to 80 Gbit/s (in each direction) in USB4. USB also provides power to peripheral devices;
12616-654: The default installation of Windows Vista Ultimate SP1 , Mac OS X 10.5.2 , or Ubuntu Linux 7.10 . Day 1 saw remote attacks only; contestants had to join the same network as the target laptop and perform their attack without user interaction and without authentication. Day 2 had browser and Instant messaging attacks included, as well as malicious website attacks with links sent to organizers to be clicked. Day 3 had third-party client applications included. Contestants could target popular third-party software such as browsers, Adobe Flash , Java , Apple Mail , iChat , Skype , AOL , and Microsoft Silverlight . The laptop running OS X
12782-402: The desktop publishing market allowed the company to focus on higher price points, the so-called "high-right policy" named for the position on a chart of price vs. profits. Newer models selling at higher price points offered higher profit margin , and appeared to have no effect on total sales as power users snapped up every increase in speed. Although some worried about pricing themselves out of
12948-505: The desktop publishing market and estranged many of its original consumer customer base who could no longer afford Apple products. The Christmas season of 1989 was the first in the company's history to have declining sales, which led to a 20% drop in Apple's stock price. During this period, the relationship between Sculley and Gassée deteriorated, leading Sculley to effectively demote Gassée in January 1990 by appointing Michael Spindler as
13114-493: The details of the vulnerabilities used in Pwn2Own would be provided to the affected vendors and public details would be withheld until a patch was made available. All contestants who successfully demonstrated exploits at the contest could sell their vulnerabilities to ZDI for prizes of $ 20,000 on the first day, $ 10,000 on the second day, and $ 5,000 on the third day. As in the previous year's contest, only certain attacks were allowed on each day. Targets included three laptops running
13280-506: The development of USB in 1995: Compaq , DEC , IBM , Intel , Microsoft , NEC , and Nortel . The goal was to make it fundamentally easier to connect external devices to PCs by replacing the multitude of connectors at the back of PCs, addressing the usability issues of existing interfaces, and simplifying software configuration of all devices connected to USB, as well as permitting greater data transfer rates for external devices and plug and play features. Ajay Bhatt and his team worked on
13446-402: The device during initialization (the period after physical connection called "enumeration") and so are relatively permanent, whereas pipes may be opened and closed. There are two types of pipe: stream and message. When a host starts a data transfer, it sends a TOKEN packet containing an endpoint specified with a tuple of (device_address, endpoint_number) . If the transfer is from the host to
13612-407: The device, contestants had to demonstrate they could collect sensitive data from the mobile device or incur some type of financial loss from the mobile device owner. On day 1, the device could receive SMS, MMS, and e-mail but messages could not be read. Wifi (if on by default), Bluetooth (if on by default), and radio stack were also in-scope. On day 2, SMS, MMS, and e-mail could be opened and read. Wifi
13778-578: The devices would be able to leave the conference with that laptop. There was no monetary reward. The name "Pwn2Own" was derived from the fact that contestants must " pwn " or hack the device in order to "own" or win it. On the first day of the conference in Vancouver, British Columbia , Ruiu asked Terri Forslof of the Zero Day Initiative (ZDI) to participate in the contest. ZDI has a program which purchases zero-day attacks , reports them to
13944-487: The end of the first day, Julien Tinnes and Sami Koivu (remote) successfully exploited Firefox and Safari on OS X with a vulnerability in Java. At the time, OS X had Java enabled by default, which allowed for reliable exploitation against that platform. However, due to having reported the vulnerabilities to the vendor already, Tinnes' participation fell outside the rules of the contest and was unable to be rewarded. The next days of
14110-404: The end of the first week. In May 2010, Apple's market cap exceeded that of competitor Microsoft for the first time since 1989. In June 2010, Apple released the iPhone 4 , which introduced video calling using FaceTime , multitasking , and a new design with an exposed stainless steel frame as the phone's antenna system. Later that year, Apple again refreshed the iPod line by introducing
14276-452: The endpoint, the host sends an OUT packet (a specialization of a TOKEN packet) with the desired device address and endpoint number. If the data transfer is from the device to the host, the host sends an IN packet instead. If the destination endpoint is a uni-directional endpoint whose manufacturer's designated direction does not match the TOKEN packet (e.g. the manufacturer's designated direction
14442-514: The entire Mac product line—over one year sooner than announced. The Power Mac, iBook, and PowerBook brands were retired during the transition; the Mac Pro , MacBook , and MacBook Pro became their respective successors. Apple also introduced Boot Camp in 2006 to help users install Windows XP or Windows Vista on their Intel Macs alongside Mac OS X. Apple's success during this period was evident in its stock price . Between early 2003 and 2006,
14608-545: The findings with Amazon, which said it was investigating the hack and would take "appropriate steps." A new edition of the Pwn2Own contest took place on January 21–23, 2020, in Miami at the S4 conference, with industrial control system and SCADA targets only. Contestants were awarded more than $ 250,000 over the three-day event as hackers demonstrated a multiple exploits in many leading ICS platforms. Steven Seeley and Chris Anastasio,
14774-416: The first contestant to exploit each laptop would get it. Mobile device targets included BlackBerry , Android , Apple iPhone 2.0 ( T-Mobile G1 ), Symbian (Nokia N95 ) and Windows Mobile ( HTC Touch ) phones in their default configurations. As with the browser contest, the attack surface available to contestants expanded over three days. In order to prove that they were able to successfully compromise
14940-410: The first day of the competition, Safari and Internet Explorer were defeated by researchers. Safari was version 5.0.3 installed on a fully patched Mac OS X 10.6.6. French security firm VUPEN was the first to attack the browser. Internet Explorer was a 32-bit version 8 installed on 64-bit Windows 7 Service Pack 1. Security researcher Stephen Fewer of Harmony Security was successful in exploiting IE. This
15106-457: The first day. After the $ 10,000 prize was announced by ZDI, Shane Macaulay called up former co-worker Dino Dai Zovi in New York and urged him to compete in the second day. In one night, Dai Zovi found and exploited a previously unknown vulnerability in a QuickTime library loaded by Safari. The following morning, Dai Zovi sent his exploit code to Macaulay, who placed it on a website and e-mailed
15272-504: The first of more than 500 stores around the world. Third, on October 23, 2001, the iPod portable digital audio player debuted. The product was first sold on November 10, 2001, and was extremely successful, with over 100 million units sold within six years. In 2003, the iTunes Store was introduced with music downloads for 99¢ a song and iPod integration. It quickly became the market leader in online music services, with over 5 billion downloads by June 19, 2008. Two years later,
15438-480: The first prototype Apple I at the Homebrew Computer Club in July 1976. The Apple I was sold as a motherboard with CPU , RAM , and basic textual-video chips—a base kit concept which was not yet marketed as a complete personal computer. It was priced soon after debut for $ 666.66 (equivalent to $ 3,600 in 2023). Wozniak later said he was unaware of the coincidental mark of the beast in
15604-399: The first three months as reviews started to come in. Jobs had required 128 kilobytes of RAM, which limited its speed and software in favor of aspiring for a projected price point of $ 1,000 (equivalent to $ 2,900 in 2023). The Macintosh shipped for $ 2,495 (equivalent to $ 7,300 in 2023), a price panned by critics due to its slow performance. In early 1985, this sales slump triggered
15770-449: The first time, by regular competitor VUPEN . After withdrawing from the contest that year due to new disclosure rules, in 2013 Google returned as a sponsor and the rules were changed to require full disclosure of exploits and techniques used. In that year (2013) a single researcher was able to hack Chrome, Firefox and Internet Explorer , a trifecta hack. Google ceased to be a sponsor of Pwn2Own in 2015. In 2015, every web browser tested
15936-432: The following ECNs: A USB system consists of a host with one or more downstream facing ports (DFP), and multiple peripherals, forming a tiered- star topology . Additional USB hubs may be included, allowing up to five tiers. A USB host may have multiple controllers, each with one or more ports. Up to 127 devices may be connected to a single host controller. USB devices are linked in series through hubs. The hub built into
16102-415: The four major browsers. At Pwn2Own 2012, Chrome was successfully exploited for the first time. VUPEN declined to reveal how they escaped the sandbox, saying they would sell the information. Internet Explorer 9 on Windows 7 was successfully exploited next. Firefox was the third browser to be hacked using a zero day exploit . Safari on Mac OS X Lion was the only browser left standing at the conclusion of
16268-518: The hacks. "One of the largest hacking contests in the world" according to TechCrunch , as of 2019 the contest continues to be held several times a year. Pwn2Own Tokyo was held November 6 to November 7 in Tokyo, Japan , and was expected to hand out $ 750,000 in cash and prizes. Hacks focus on browsers, virtual machines, computers, and phones. In 2019, the contest added cars for the first time, with $ 900,000 offered for hacks exploiting Tesla software. In 2019,
16434-448: The host controller is called the root hub . A USB device may consist of several logical sub-devices that are referred to as device functions . A composite device may provide several functions, for example, a webcam (video device function) with a built-in microphone (audio device function). An alternative to this is a compound device , in which the host assigns each logical device a distinct address and all logical devices connect to
16600-458: The iPad Mini and fourth-generation iPad (released November 3, 2012). Apple also released a third-generation 13-inch MacBook Pro with a Retina display and new iMac and Mac Mini computers. On August 20, 2012, Apple's rising stock price increased the company's market capitalization to a then-record $ 624 billion. This beat the non-inflation-adjusted record for market capitalization previously set by Microsoft in 1999. On August 24, 2012,
16766-487: The iPhone to verify that the code in memory is from Apple. Peter Vreugdenhil exploited Internet Explorer 8 on Windows 7 by using two vulnerabilities that involved bypassing ASLR and evading DEP. The 2011 contest took place March 9 to 11 during the CanSecWest conference in Vancouver. The web browser targets for the 2011 contest included Microsoft Internet Explorer, Apple Safari, Mozilla Firefox, and Google Chrome. New to
16932-465: The iTunes Store was the world's largest music retailer. In 2002, Apple purchased Nothing Real for its advanced digital compositing application Shake , and Emagic for the music productivity application Logic . The purchase of Emagic made Apple the first computer manufacturer to own a music software company. The acquisition was followed by the development of Apple's consumer-level GarageBand application. The release of iPhoto that year completed
17098-562: The iTunes Store, effective in May 2007. Other record labels eventually followed suit and Apple published a press release in January 2009 to announce that all songs on the iTunes Store are available without their FairPlay DRM. In July 2008, Apple launched the App Store to sell third-party applications for the iPhone and iPod Touch . Within a month, the store sold 60 million applications and registered an average daily revenue of $ 1 million, with Jobs speculating in August 2008 that
17264-432: The incorporation of Apple. During the first five years of operations, revenues grew exponentially, doubling about every four months. Between September 1977 and September 1980, yearly sales grew from $ 775,000 to US$ 118 million, an average annual growth rate of 533%. The Apple II , also designed by Wozniak, was introduced on April 16, 1977, at the first West Coast Computer Faire . It differs from its major rivals,
17430-408: The industry". In an article posted on Apple's website on February 6, 2007, Jobs wrote that Apple would be willing to sell music on the iTunes Store without digital rights management , thereby allowing tracks to be played on third-party players if record labels would agree to drop the technology. On April 2, 2007, Apple and EMI jointly announced the removal of DRM technology from EMI's catalog in
17596-405: The insecurity of Apple's Mac OS X operating system since, at the time, there was a widespread belief that OS X was far more secure than its competitors. Concerning rules, only two MacBook Pro laptops, one 13" and one 15", were left on the conference floor at CanSecWest and joined to a separate wireless network. Only certain attacks were allowed and these restrictions were progressively loosened over
17762-462: The last year". After two days of competition, Tencent Security Team Sniper edged out JungHoon Lee with 13 more Pwn points and earning them the top Master of Pwn for Pwn2Own 2016 title. In Mobile Pwn2Own 2016, which was held in tandem with the PacSecWest security conference in Tokyo, Tencent Team Keen won $ 215k at Mobile Pwn2Own 2016, by attacking Nexus6P and two exploits for the iPhone iOS 10.1, and
17928-964: The latest versions of the standard extend the power delivery limits for battery charging and devices requiring up to 240 watts ( USB Power Delivery (USB-PD) ). Over the years, USB(-PD) has been adopted as the standard power supply and charging format for many mobile devices, such as mobile phones, reducing the need for proprietary chargers. USB was designed to standardize the connection of peripherals to personal computers, both to exchange data and to supply electric power. It has largely replaced interfaces such as serial ports and parallel ports and has become commonplace on various devices. Peripherals connected via USB include computer keyboards and mice, video cameras, printers, portable media players, mobile (portable) digital telephones, disk drives, and network adapters. USB connectors have been increasingly replacing other types of charging cables for portable devices. USB connector interfaces are classified into three types:
18094-614: The many various legacy Type-A (upstream) and Type-B (downstream) connectors found on hosts , hubs , and peripheral devices , and the modern Type-C ( USB-C ) connector, which replaces the many legacy connectors as the only applicable connector for USB4. The Type-A and Type-B connectors came in Standard, Mini, and Micro sizes. The standard format was the largest and was mainly used for desktop and larger peripheral equipment. The Mini-USB connectors (Mini-A, Mini-B, Mini-AB) were introduced for mobile devices. Still, they were quickly replaced by
18260-487: The market, the high-right policy was in full force by the mid-1980s, due to Jean-Louis Gassée's slogan of "fifty-five or die", referring to the 55% profit margins of the Macintosh II . This policy began to backfire late in the decade as desktop publishing programs appeared on IBM PC compatibles with some of the same functionality of the Macintosh at far lower price points. The company lost its dominant position in
18426-539: The maximum signaling rate to 10 Gbit/s (later marketed as SuperSpeed USB 10 Gbps by the USB 3.2 specification), while reducing line encoding overhead to just 3% by changing the encoding scheme to 128b/132b . USB 3.2 , released in September 2017, preserves existing USB 3.1 SuperSpeed and SuperSpeedPlus architectures and protocols and their respective operation modes, but introduces two additional SuperSpeedPlus operation modes ( USB 3.2 Gen 1×2 and USB 3.2 Gen 2×2 ) with
18592-692: The mobile browser category, the following teams registered. For the Apple iPhone hack attempt, teams included Anon_07, Dion Blazakis and Charlie Miller, Team Anon, Anonymous_1, and Ahmed M Sleet. To hack the RIM Blackberry the teams were Anonymous_1, Team Anon, and Ahmed M Sleet. To hack the Samsung Nexus S , teams included Jon Oberheide , Anonymous_1, Anon_07, and Team Anonymous. To hack the Dell Venue Pro , teams included George Hotz , Team Anonymous, Anonymous_1, and Ahmed M Sleet. During
18758-456: The most part since 2011, Apple has been the world's largest company by market capitalization , and, as of 2023 , is the largest manufacturing company by revenue , the fourth-largest personal computer vendor by unit sales , the largest vendor of tablet computers , and the largest vendor of mobile phones in the world. Apple became the first publicly traded U.S. company to be valued at over $ 1 trillion in 2018, and, as of June 2024 ,
18924-418: The most valuable consumer-facing brand in the world. In June 2011, Jobs surprisingly took the stage and unveiled iCloud , an online storage and syncing service for music, photos, files, and software which replaced MobileMe , Apple's previous attempt at content syncing. This would be the last product launch Jobs would attend before his death. On August 24, 2011, Jobs resigned his position as CEO of Apple. He
19090-508: The new USB-C Fabric with signaling rates of 10 and 20 Gbit/s (raw data rates of 1212 and 2424 MB/s). The increase in bandwidth is a result of two-lane operation over existing wires that were originally intended for flip-flop capabilities of the USB-C connector. Starting with the USB 3.2 specification, USB-IF introduced a new naming scheme. To help companies with the branding of the different operation modes, USB-IF recommended branding
19256-480: The next decade with the introductions of the iMac , iPod , iPhone , and iPad devices to critical acclaim as well as the iTunes Store , launching the " Think different " advertising campaign, and opening the Apple Store retail chain. These moves elevated Apple to consistently be one of the world's most valuable brands since about 2010. Jobs resigned in 2011 for health reasons, and died two months later; he
19422-486: The number 666, and that he came up with the price because he liked "repeating digits". Apple Computer, Inc. was incorporated in Cupertino, California , on January 3, 1977, without Wayne, who had left and sold his share of the company back to Jobs and Wozniak for $ 800 only twelve days after having co-founded it. Multimillionaire Mike Markkula provided essential business expertise and funding of $ 250,000 (equivalent to $ 1,257,000 in 2023) to Jobs and Wozniak during
19588-452: The number of a host's ports. Introduced in 1996, USB was originally designed to standardize the connection of peripherals to computers, replacing various interfaces such as serial ports , parallel ports , game ports , and ADB ports. Early versions of USB became commonplace on a wide range of devices, such as keyboards, mice, cameras, printers, scanners, flash drives, smartphones, game consoles, and power banks. USB has since evolved into
19754-537: The one-lane Gen 1×1 operation mode. Therefore, two-lane operations, namely USB 3.2 Gen 1× 2 (10 Gbit/s) and Gen 2× 2 (20 Gbit/s), are only possible with Full-Featured USB-C. As of 2023, they are somewhat rarely implemented; Intel, however, started to include them in its 11th-generation SoC processor models, but Apple never provided them. On the other hand, USB 3.2 Gen 1(×1) (5 Gbit/s) and Gen 2(×1) (10 Gbit/s) have been quite common for some years. Each USB connection
19920-528: The optional functionality as Thunderbolt 4 products. USB4 2.0 with 80 Gbit/s speeds was to be revealed in November 2022. Further technical details were to be released at two USB developer days scheduled for November 2022. The USB4 specification states that the following technologies shall be supported by USB4: Because of the previous confusing naming schemes, USB-IF decided to change it once again. As of 2 September 2022, marketing names follow
20086-505: The period between 1989 and 1991 as the "first golden age" of the Macintosh. The success of lower-cost consumer Macs, especially the LC, cannibalized higher-priced machines. To address this, management introduced several new brands, selling largely identical machines at different price points, for different markets: the high-end Quadra series, the mid-range Centris series, and the consumer-marketed Performa series. This led to significant consumer confusion between so many models. In 1993,
20252-532: The peripheral device. Developers of USB devices intended for public sale generally must obtain a USB ID, which requires that they pay a fee to the USB Implementers Forum (USB-IF). Developers of products that use the USB specification must sign an agreement with the USB-IF. Use of the USB logos on the product requires annual fees and membership in the organization. A group of seven companies began
20418-451: The present and the future rather than the past. He ended the Mac clone deals and in September 1997, purchased the largest clone maker, Power Computing . On November 10, 1997, the Apple Store website launched, which was tied to a new build-to-order manufacturing model similar to PC manufacturer Dell 's success. The moves paid off for Jobs; at the end of his first year as CEO, the company had
20584-420: The price of Apple's stock increased more than tenfold, from around $ 6 per share ( split-adjusted ) to over $ 80. When Apple surpassed Dell's market cap in January 2006, Jobs sent an email to Apple employees saying Dell's CEO Michael Dell should eat his words. Nine years prior, Dell had said that if he ran Apple he would "shut it down and give the money back to the shareholders". During his keynote speech at
20750-662: The sandbox to win $ 70,000. James Forshaw, Joshua Drake, and Ben Murphy independently exploited Oracle Java to win $ 20,000 each. The mobile contest saw contestants winning $ 117,500 out of a prize pool of $ 300,000. At Pwn2Own 2014 in March was held in Vancouver at the CanSecWest Conference and sponsored by Hewlett-Packard . All four targeted browsers fell to researchers, and contestants overall won $ 850,000 of an available pool of $ 1,085,000. VUPEN successfully exploited fully updated Internet Explorer 11 , Adobe Reader XI , Google Chrome, Adobe Flash, and Mozilla Firefox on
20916-649: The stable and beta versions of Google Chrome, and Apple Safari" and earned $ 225,000 in prize money. Other hacks included Team509 and KeenTeem breaking into Adobe Flash, and other breaks in Adobe Reader. Overall, there were 5 bugs in the Windows operating system, 4 in Internet Explorer 11, 3 in Firefox, Adobe Reader, and Adobe Flash, 2 in Safari, and 1 in Chrome. Google ceased to be a sponsor of Pwn2Own in 2015. At
21082-434: The standard at Intel; the first integrated circuits supporting USB were produced by Intel in 1995. Released in January 1996, USB 1.0 specified signaling rates of 1.5 Mbit/s ( Low Bandwidth or Low Speed ) and 12 Mbit/s ( Full Speed ). It did not allow for extension cables, due to timing and power limitations. Few USB devices made it to the market until USB 1.1 was released in August 1998. USB 1.1
21248-481: The syntax "USB x Gbps", where x is the speed of transfer in Gbit/s. Overview of the updated names and logos can be seen in the adjacent table. The operation modes USB 3.2 Gen 2×2 and USB4 Gen 2×2 – or: USB 3.2 Gen 2×1 and USB4 Gen 2×1 – are not interchangeable or compatible; all participating controllers must operate with the same mode. This version incorporates
21414-415: The thinner Micro-USB connectors (Micro-A, Micro-B, Micro-AB). The Type-C connector, also known as USB-C, is not exclusive to USB, is the only current standard for USB, is required for USB4, and is required by other standards, including modern DisplayPort and Thunderbolt. It is reversible and can support various functionalities and protocols, including USB; some are mandatory, and many are optional, depending on
21580-539: The third Pwn2Own focused on popular browsers used on consumer desktop operating systems. It added another category of mobile devices which contestants were challenged to hack via many remote attack vectors including email, SMS messages, and website browsing. All contestants who demonstrated successful exploits at the contest were offered rewards for the underlying vulnerabilities by ZDI, $ 5,000 for browser exploits and $ 10,000 for mobile exploits. Web browser targets were Internet Explorer 8 , Firefox, and Chrome installed on
21746-402: The three days of the conference. Day 1 allowed remote attacks only, day 2 had browser attacks included, while day 3 allowed local attacks, where contestants could connect with a USB stick or Bluetooth . In order to win the 15" MacBook Pro, contestants would be required to further escalate their privileges to root after gaining access with their initial exploit. The laptops were not hacked on
21912-489: The three existing operation modes. Its efficiency is dependent on a number of factors including physical symbol encoding and link-level overhead. At a 5 Gbit/s signaling rate with 8b/10b encoding , each byte needs 10 bits to transmit, so the raw throughput is 500 MB/s. When flow control, packet framing and protocol overhead are considered, it is realistic for about two thirds of the raw throughput, or 330 MB/s to transmit to an application. SuperSpeed's architecture
22078-418: The top prize in 2017. In 2018, the conference was much smaller and sponsored primarily by Microsoft. China had banned its security researchers from participating in the contest, despite Chinese nationals winning in the past, and banned divulging security vulnerabilities to foreigners. In particular, Tencent 's Keen Labs and Qihoo 360's 360Vulcan teem did not enter, nor any other Chinese nationals. A Tianfu Cup
22244-539: The total $ 100,000 cash prize pool was allotted to the mobile phone portion of the contest, each target was worth $ 15,000. These included Apple iPhone 3GS , RIM BlackBerry Bold 9700 , Nokia E72 device running Symbian , and HTC Nexus One running Android . The Opera web browser was left out of the contests as a target: The ZDI team argued that Opera had a low market share and that Chrome and Safari are only included "due to their default presence on various mobile platforms". However, Opera's rendering engine, Presto ,
22410-468: The type of hardware: host, peripheral device, or hub. USB specifications provide backward compatibility, usually resulting in decreased signaling rates, maximal power offered, and other capabilities. The USB 1.1 specification replaces USB 1.0. The USB 2.0 specification is backward-compatible with USB 1.0/1.1. The USB 3.2 specification replaces USB 3.1 (and USB 3.0) while including the USB 2.0 specification. USB4 "functionally replaces" USB 3.2 while retaining
22576-531: The zero-day portion of Pwn2Own. Versions of Safari that were not fully patched and running on Mac OS X Snow Leopard were compromised during the CVE portion of Pwn2Own. Significant improvements in the security mitigations within Mac OS X were introduced in Lion. Google withdrew from sponsorship of the event because the 2012 rules did not require full disclosure of exploits from winners, specifically exploits to break out of
22742-407: Was able to gain access through them, only Edge was successfully exploited, and also Safari and Firefox. A March 2019 contest took place in Vancouver at the CanSecWest conference, with categories including VMware ESXi , VMware Workstation , Oracle VirtualBox , Chrome, Microsoft Edge, and Firefox, as well as Tesla. Tesla entered its new Model 3 sedan, with a pair of researchers earning $ 375,000 and
22908-573: Was awarded for 23 unique 0-days. Master of Pwn was a three-way tie between Team DEVCORE, OV, and the team of Daan Keuper and Thijs Alkemade. The second edition of Pwn2Own Miami occurred April 19–21, 2022, at the Filmore in South Beach Miami. Over the three-day contest, $ 400,000 was awarded for 26 unique 0-days. The team of Daan Keuper and Thijs Alkemade from Computest Sector 7 were awarded Master of Pwn with earnings of $ 90,000. A highlight of
23074-488: Was crowned Master of Pwn with earnings of $ 90,000. The fall edition on Pwn2Own, normally referred to as Pwn2Own Tokyo, was held on November 5–7, 2020. With the lockdown from COVID-19 continuing, the contest was again held virtually and titled Pwn2Own Tokyo (Live From Toronto). ZDI researchers in Toronto ran the event, with others connecting from home. This contest also saw the inclusion of storage area network (SAN) servers as
23240-530: Was delivering a richly engineered but expensive experience. Apple relied on high profit margins and never developed a clear response; it sued Microsoft for making a GUI similar to the Lisa in Apple Computer, Inc. v. Microsoft Corp. The lawsuit dragged on for years and was finally dismissed. The major product flops and the rapid loss of market share to Windows sullied Apple's reputation, and in 1993 Sculley
23406-485: Was demonstrated just as with Safari. In day 2 the iPhone 4 and Blackberry Torch 9800 were both exploited. The iPhone was running iOS 4.2.1; however, the flaw exists in version 4.3 of the iOS. Security researchers Charlie Miller and Dion Blazakis were able to gain access to the iPhone's address book through a vulnerability in Mobile Safari by visiting their exploit-ridden webpage. The Blackberry Torch 9800 phone
23572-405: Was disclosed to Apple on April 23 and patched in early May. In 2008 the scope of the Pwn2Own contest was expanded. Targets included three laptops running the default installation of Windows Vista , OS X , or Ubuntu Linux . Mobile devices were added in 2009. For 2012 the rules were changed to a capture-the-flag-style competition with a point system. At and Chrome was successfully exploited for
23738-539: Was entered, as was the Amazon Echo Show 5 , a Google Nest Hub Max, an Amazon Cloud Cam and a Nest Cam IQ Indoor. Also entered was the Oculus Quest virtual reality kit. In 2019, a team won $ 60,000 hacking into an Amazon Echo Show 5. They did so by hacking into the "patch gap" that meshed older software patched onto other platforms, as the smart screen used an old version of Chromium . The team shared
23904-452: Was exploited on the second day of the contest with an exploit for the Safari browser co-written by Charlie Miller , Jake Honoroff and Mark Daniel of Independent Security Evaluators. Their exploit targeted an open-source subcomponent of the Safari browser. The laptop running Windows Vista SP1 was exploited on the third day of the contest with an exploit for Adobe Flash co-written by Shane Macaulay, Alexander Sotirov , and Derek Callaway. After
24070-435: Was exploited three times on the first day, and once more on the second day, with HP awarding researchers $ 50,000 for each disclosed Firefox flaw that year. Both Vupen and an anonymous participant exploited Google Chrome. Vupen earned $ 100,000 for the crack, while the anonymous entrant had their prize of $ 60,000 reduced, as their attack relied on a vulnerability revealed the day before at Google's Pwnium contest. Also, Nico Joly of
24236-458: Was finalized on February 9, 1997, and the board brought Jobs back to Apple as an advisor. On July 9, 1997, Jobs staged a boardroom coup that resulted in Amelio's resignation after overseeing a three-year record-low stock price and crippling financial losses. The board named Jobs as interim CEO and he immediately reviewed the product lineup. Jobs canceled 70% of models, ending 3,000 jobs and paring to
24402-479: Was founded on April 1, 1976, by Steve Jobs , Steve Wozniak , and Ronald Wayne as a partnership . The company's first product is the Apple I , a computer designed and hand-built entirely by Wozniak. To finance its creation, Jobs sold his Volkswagen Bus , and Wozniak sold his HP-65 calculator. Neither received the full selling price but in total earned $ 1,300 (equivalent to $ 7,000 in 2023). Wozniak debuted
24568-497: Was founded to produce and market Wozniak's Apple I personal computer. Its second computer, the Apple II , became a best seller as one of the first mass-produced microcomputers . Apple introduced the Lisa in 1983 and the Macintosh in 1984, as some of the first computers to use a graphical user interface and a mouse . By 1985, internal company problems led to Jobs leaving to form NeXT, Inc. , and Wozniak withdrawing to other ventures; John Sculley served as long-time CEO for over
24734-561: Was held on November 1 and 2 in 2017. Representatives from Apple, Google and Huawei were at the contest. Various smartphones, including ones using Apple's iOS 11.1 software, were also successfully hacked. The "11 successful attacks" were against the iPhone 7, the Huawei Mate 9 Pro and the Samsung Galaxy S8 . Google Pixel was not hacked. Overall, ZDI that year awarded $ 833,000 to uncover 51 zero-day bugs. The team Qihoo 360 won
24900-546: Was launched as Final Cut Pro in April 1999. Key Grip's development also led to Apple's release of the consumer video-editing product iMovie in October 1999. Apple acquired the German company Astarte in April 2000, which had developed the DVD authoring software DVDirector, which Apple repackaged as the professional-oriented DVD Studio Pro , and reused its technology to create iDVD for the consumer market. In 2000, Apple purchased
25066-582: Was more capital than any IPO since Ford Motor Company in 1956. By the end of the day, around 300 millionaires were created, including Jobs and Wozniak, from a stock price of $ 29 per share and a market cap of $ 1.778 billion. In December 1979, Steve Jobs and Apple employees, including Jef Raskin , visited Xerox PARC , where they observed the Xerox Alto , featuring a graphical user interface (GUI). Apple subsequently negotiated access to PARC's technology, leading to Apple's option to buy shares at
25232-419: Was named Master of Pwn, a title ZDI gives to the contestant that accumulates the most points throughout the contest. In March 2017 in Vancouver, for the first time hackers broke into VMWare's virtual machine sandbox. In 2017, Chrome did not have any successful hacks (although only one team attempted to target Chrome); the subsequent browsers that best fared were, in order, Firefox, Safari and Edge. Mobile Pwn2Own
25398-486: Was not stable. The researchers that had been chosen to test Android and Windows Phone 7 did not show up. No teams showed up for day three. Chrome and Firefox were not hacked. For 2012 the rules were changed to a capture-the-flag-style competition with a point system. The new format caused Charlie Miller , successful at the event in past years, to decide not to attend, as it required "on-the-spot" writing of exploits that Miller argued favored larger teams. Hackers went against
25564-500: Was on January 19, 2012, when Apple's Phil Schiller introduced iBooks Textbooks for iOS and iBook Author for Mac OS X in New York City. Jobs stated in the biography Steve Jobs that he wanted to reinvent the textbook industry and education. From 2011 to 2012, Apple released the iPhone 4s and iPhone 5 , which featured improved cameras, an intelligent software assistant named Siri , and cloud-synced data with iCloud;
25730-524: Was released on 1 September 2022 by the USB Implementers Forum. USB4 is based on the Thunderbolt 3 protocol. It supports 40 Gbit/s throughput, is compatible with Thunderbolt 3, and backward compatible with USB 3.2 and USB 2.0. The architecture defines a method to share a single high-speed link with multiple end device types dynamically that best serves the transfer of data by type and application. During CES 2020 , USB-IF and Intel stated their intention to allow USB4 products that support all
25896-581: Was replaced as CEO by Gil Amelio , who was hired for his reputation as a corporate rehabilitator. Amelio made deep changes, including extensive layoffs and cost-cutting. This period was also marked by numerous failed attempts to modernize the Macintosh operating system (MacOS). The original Macintosh operating system ( System 1 ) was not built for multitasking (running several applications at once). The company attempted to correct this by introducing cooperative multitasking in System 5, but still decided it needed
26062-607: Was replaced as CEO by Michael Spindler . Under Spindler, Apple, IBM , and Motorola formed the AIM alliance in 1994 to create a new computing platform (the PowerPC Reference Platform or PReP), with IBM and Motorola hardware coupled with Apple software. The AIM alliance hoped that PReP's performance and Apple's software would leave the PC far behind and thus counter the dominance of Windows. That year, Apple introduced
26228-416: Was replaced by Cook and Jobs became Apple's chairman. Apple did not have a chairman at the time and instead had two co-lead directors— Andrea Jung and Arthur D. Levinson —who continued with those titles until Levinson replaced Jobs as chairman of the board in November after Jobs's death. On October 5, 2011, Steve Jobs died, marking the end of an era for Apple. The next major product announcement by Apple
26394-561: Was running BlackBerry OS 6.0.0.246. The team of Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann took advantage of a vulnerability in the Blackberry's WebKit-based web browser by visiting their previously prepared webpage. Firefox, Android, and Windows Phone 7 were scheduled to be tested during day 2, but the security researchers that had been chosen for these platforms did not attempt any exploits. Sam Thomas had been selected to test Firefox, but he withdrew stating that his exploit
26560-532: Was selected to go after Miller. Nils successfully ran an exploit against Internet Explorer 8 on Windows 7 Beta. In writing this exploit, Nils had to bypass anti-exploitation mitigations that Microsoft had implemented in Internet Explorer 8 and Windows 7, including Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR). Nils continued trying the other browsers. Although Miller had already exploited Safari on OS X, Nils exploited this platform again, then moved on to exploit Firefox successfully. Near
26726-497: Was significantly more secure than any other competitors. On March 20, roughly three weeks before CanSecWest that year, Ruiu announced the Pwn2Own contest to security researchers on the DailyDave mailing list. The contest was to include two MacBook Pros that he would leave on the conference floor hooked up to their own wireless access point . Any conference attendee that could connect to this wireless access point and exploit one of
26892-563: Was subsequently designed to be a "Chinese version of Pwn2Own", also taking place twice a year. Also, shortly before the 2018 conference, Microsoft had patched several vulnerabilities in Edge, causing many teams to withdraw. Nevertheless, certain openings were found in Edge, Safari, Firefox and more. No hack attempts were made against Chrome, although the reward offered was the same as for Edge. Hackers were ultimately awarded $ 267,000. While many Microsoft products had large rewards available to anyone who
27058-517: Was succeeded as CEO by Tim Cook . Apple's current product lineup includes portable and home hardware such as the iPhone, iPad, Apple Watch , Mac , and Apple TV ; operating systems such as iOS , iPadOS , and macOS ; and various software and services including Apple Pay , iCloud , and multimedia streaming services like Apple Music and Apple TV+ . Apple is one of the Big Five American information technology companies; for
27224-439: Was successfully hacked and every prize won, totaling $ 557,500. Other prizes such as laptops were also given to winning researchers. In 2018, the conference was much smaller and sponsored primarily by Microsoft , after China banned its security researchers from participating in the contest. Pwn2Own continues to be sponsored by Trend Micro 's Zero Day Initiative, with ZDI reporting vulnerabilities to vendors before going public with
27390-434: Was the earliest revision that was widely adopted and led to what Microsoft designated the " Legacy-free PC ". Neither USB 1.0 nor 1.1 specified a design for any connector smaller than the standard type A or type B. Though many designs for a miniaturized type B connector appeared on many peripherals, conformity to the USB 1. x standard was hampered by treating peripherals that had miniature connectors as though they had
27556-412: Was turned on and Bluetooth could be turned on and paired with a nearby headset (additional pairing disallowed). Day 3 allowed one level of user interaction with the default applications. Multiple winners per device were allowed, but only the first contestant to exploit each mobile device would get it (along with a one-year phone contract). Based on the increased interest in competing in 2009, ZDI arranged
#767232