Vista falls in Pwn2Own contests final day to a flaw in Adobe Flash

by Nathan McFeters
http://blogs.zdnet.com/security/

On the final day of the Pwn2Own contest, the Vista machine has fallen to a group of hackers including Shane Macaulay from Security Objectives, Derek Callaway (also from Security Objectives) and Alexander Sotirov (see JavaScript Heap Feng Shui). From the ZDI site:

    7:30pm PST Update - Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you’ll also remember, Shane Macaulay was Dino Dai Zovi’s on-site team member at last year’s PWN to OWN event in which they ultimately took the top prize.

    The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue. Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability. You will be able to track the vulnerability on the Zero Day Initiative upcoming advisories page.

Congrats to all of the winners!

-Nate