Pwn2Own: Escape from VMware Workstation via Microsoft Edge

On day three of the Pwn2Own 2017 hacking contest held in Vancouver on Friday, a guest at που ήταν εγκατεστημένο σε Workstation managed to "escape" twice.

Η κινέζικη ομάδα της εταιρείας ασφαλείας Qihoo 360 ξεκίνησε αξιοποιώντας ευπάθειες στον Edge browser της Microsoft που της επέτρεψαν να “φύγει” από την εικονική μηχανή VMware, και να φτάσει στο κυρίως σύστημα. Η ομάδα από τη συγκεκριμένη managed to win a prize of $105.000.Pwn2Own

The second escape from VMware Workstation was made by the Tencent Security team, which won $ 100.000 for presenting a vulnerability in Windows kernel use-after-free combined with a “Workstation infoleak and an uninitialized buffer in Workstation to go guest-to -host. ”

Both teams were able to escape virtual machines and were found to be the first and second respectively in the ranking of the competition.

In the previous days of Pwn2Own 2017, which we have described in an earlier publication, Flash, Windows Kernel, Microsoft Edge, MacOS Kernel, etc. were hacked (again). and Safari, Apple's browser.

In October, Microsoft said it was aware of the four zero-day vulnerabilities in Edge, Office, and Internet Explorer.

DAY THREE

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).