On day three of the Pwn2Own 2017 hacking competition held in Vancouver on Friday, a guest on a system Windows installed on VMware Workstation managed to "escape" twice.
The Chinese security company Qihoo 360's team started by exploiting vulnerabilities in Microsoft's Edge browser that allowed it to "escape" virtual VMware machine, and reach the host system. The team from this particular attack managed to win a prize of 105.000 dollars.
The second escape from VMware Workstation was made by the Tencent Security team, which won $ 100.000 for presenting a vulnerability in Windows kernel use-after-free combined with a “Workstation infoleak and an uninitialized buffer in Workstation to go guest-to -host. ”
Both teams were able to escape virtual machines and were found to be the first and second respectively in the ranking of the competition.
In the previous days of Pwn2Own 2017, which we have described in an earlier publication, Flash, Windows Kernel, Microsoft Edge, MacOS Kernel, etc. were hacked (again). Firefox and Safari, Apple's browser.
Note that in October, Microsoft said it was aware of the four zero-day vulnerabilities that exist in Edge, Office, and Internet Explorer.