Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 03 Nov 2017 16:00:09 +0000
Competition is inherent in our DNA. At a basic level, we compete for things like water and food. We also take it up a level and compete for wealth, fame and power. Some compete to be the best in sports, like my Houston Astros winning the 2017 World Series, and others compete to be the best in their industry. While most competitions end up with one winner, sometimes the trophy isn’t the prize. It’s what we learn from the competition that gives use the most value.
Earlier this week, the Zero Day Initiative (ZDI) held the Mobile Pwn2Own contest in Tokyo, Japan. This year’s contest ended up being our biggest contest ever. A total of 32 unique vulnerabilities were submitted to ZDI over the course of the contest. ZDI awarded contestants a whopping $515,000 as well as multiple mobile phones. Since the contestants “pwn” the phones, they get to own them. While there were several worthy contestants, only one can be crowned the Master of Pwn. Congratulations to the Tencent Keen Security Lab team for earning the Master of Pwn title.
While the Tencent Keen Security Lab team gets the cool trophy, we at Trend Micro get something even more valuable. The Zero Day Initiative works with the affected vendors to ensure they have the information they need to fix the vulnerabilities, and in turn, we get exclusive access to the vulnerability information so that we can provide protection to our customers while patches are being developed.
There are 40 new zero-day filters covering eight vendors in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.
Adobe (7)
29811: ZDI-CAN-5139: Zero Day Initiative Vulnerability (Adobe Flash)
29833: ZDI-CAN-5202: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
29834: ZDI-CAN-5203: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
29850: ZDI-CAN-5218: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
29851: ZDI-CAN-5219: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
29852: ZDI-CAN-5220: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)
29853: ZDI-CAN-5221: Zero Day Initiative Vulnerability (Adobe Reader DC)
Belkin (1)
29835: ZDI-CAN-5206: Zero Day Initiative Vulnerability (Belkin Wemo Link)
Foxit (1)
29849: ZDI-CAN-5216: Zero Day Initiative Vulnerability (Foxit Reader)