Richard Zhu

That's a wrap! Congrats to @fluoroacetate on winning Master of Pwn. There total was $375,000 (plus a vehicle) for the week. Superb work from this great duo.

Confirmed! The @fluoroacitate duo used a JIT bug in the renderer to win $35,000 and a Model 3. What a great way to kick off the automotive category of #Pwn2Own.

The @fluoroacetate duo does it again. They used a type confusion in #Edge, a race condition in the kernel, then an out-of-bounds write in #VMware to go from a browser in a virtual client to executing code on the host OS. They earn $130K plus 13 Master of Pwn points.

That brings to an end #Pwn2Own Tokyo 2018! Congrats to team @fluoroacetate on earning 45 points and being crowned Master of Pwn! #P2OTokyo

Confirmed! The @fluoroacetate duo used an integer overflow in the JavaScript engine of the #Xiaomi web browser to exfiltrate a picture from the phone. They earn $25K and 6 Master of Pwn points.

Confirmed! The @fluoroacetate duo combined a bug in JIT with an Out-Of-Bounds Access to exfiltrate data from the iPhone. In the demo, they grabbed a previously deleted photo. In doing so, they earn themselves $50K and 8 Master of Pwn points. #P2OTokyo

Confirmed! The dynamic @fluoroacetate duo used a JIT bug followed by an Out-Of-Bounds write to get code execution on the #iPhoneX. They earned themselves an additional $60K and 10 more Master of Pwn points.

Confirmed! The team of @fluoroacetate successfully got code execution by using a heap overflow in the baseband component. The exploit earns them $50,000 USD and 15 more Master of Pwn points.

Confirmed! Our 1st attempt at #Pwn2Own Tokyo becomes our 1st successful entry. @fluoroacetate (Amat Cama and Richard Zhu) used an out-of-bounds write in WebAssembly to get code execution via NFC on the #Xiaomi Mi6. They earn $30K USD and 6 Master of Pwn points!

ios 11.4 jailbreak

Congrats to @RZ_fluorescence on being named Master of Pwn for #Pwn2Own 2018! His exploits for Edge and Firefox earned him $120,000, this sweet jacket, and the trophy. We hope he returns in the future to defend his title.

Confirmed! @RZ_fluorescence used an OOB write in the browser & an integer overflow in the Windows kernel to pop #FireFox and execute his code w/ elevated privileges. Earns $50K & 5 Master of Pwn points. His event total is now $120,000.

Boom! No drama for @RZ_fluorescence today as he takes down FireFox on his first attempt. Now off to the disclosure room for confirmation and vendor notification.

Confirmed! After plenty of drama -including reworking his exploit live, on the clock, in front of a crowd- @RZ_fluorescence used 2 UAFs in Edge and an integer overflow in the kernel to win $70,000 and 7 points towards Master of Pwn. #Pwn2Own

@War_God420 Thanks !

Confirmed! Richard Zhu (fluorescence) uses 2 bugs to escape #Safari sandbox and executed code on iOS 11.1. Earns $20K in the process. #MP2O

Success! Richard Zhu (fluorescence) used 2 separate UAFs in Edge then escalated to SYSTEM w/ a kernel bug. Gets $55K for popping shell. 💰💰💯