Την τρίτη ημέρα του hacking διαγωνισμού Pwn2Own 2017 που πραγματοποιήθηκε στο Βανκούβερ την Παρασκευή, ένας guest σε σύστημα Windows που ήταν εγκατεστημένο σε VMware Workstation κατάφερε να "δραπετεύσει" δύο φορές.
The Chinese team της εταιρείας ασφαλείας Qihoo 360 ξεκίνησε αξιοποιώντας ευπάθειες στον Edge browser της Microsoft που της επέτρεψαν να "φύγει" από την virtual VMware machine, and reach the host system. The team from this one attack managed to win a prize of $105.000.
The second VMware Workstation breakout was made by the Tencent Security team, which won $100.000 for exposing a Windows vulnerability kernel use-after-free σε συνδυασμό με ένα "Workstation infoleak and an uninitialized buffer in Workstation to go guest-to-host."
Both teams were able to escape the virtual machines and were found to be first and second respectively in the ranking of the competition.
In the previous days of Pwn2Own 2017, which we have described in an earlier publication, Flash, Windows Kernel, Microsoft Edge, MacOS Kernel, Firefox and Apple's Safari were violated (again).
In October, Microsoft said it was aware of the four zero-day vulnerabilities in Edge, Office, and Internet Explorer.