The popular hacker contest attracted researchers from all over who were targeting all the major browsers, as well as third-party software such as Flash and Java. Companies such as VUPEN and MWR Labs were able to beat locked-down versions of IE 10 running on Windows 8 and Mozilla’s Firefox browser, as well as Chrome running on Windows. Unlike Mozilla and Google, both of which patched the flaws exploited during the contest within 24 hours, Microsoft had yet to update its browser. This has been compounded after last Thursday’s advanced notification that indicated a cumulative IE update was coming today.
“This puts them quite a bit behind other browsers that already patched their Pwn2Own bugs,” said Andrew Storms, director of security operations at nCircle.