Tuesday, October 17, 2017
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Qualcomm Debuts Snapdragon 636 Mobile Platform, X50 5G Modem For Mobiles
New Fall Update for Xbox One starting to roll out today
Windows OS is Protected Against KRACK Wi-Fi Attacks
First iPhone X Devices Have Left Foxconn's Factory
Noctua Introduces Chromax Line Fans, Cables and Heatsink Covers
HUAWEI Mate 10 and HUAWEI Mate 10 Pro Feature LTE Cat 18 , First Kirin AI Processor
Adobe Patches Patches Critical Security Hole in Flash software
Samsung Introduces Cellular IoT Mobile Device to Track Your Pets, Children, or Personal Items
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Hackers...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, March 21, 2017
Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest


At the final day of the Pwn2Own hacking contest , two teams of researchers chained multiple vulnerabilities together to escape from a guest OS running inside a VMware Workstation virtual machine.



Hypervisors like VMware Workstation are trying to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. As a result, VM escape exploits are highly prized in hacking contest. This year, the organizers of Pwn2Own, an annual hacking contest that runs during the CanSecWest conference in Vancouver, Canada, offered a prize of US$100,000 for breaking the isolation layer enforced by the VMware Workstation or Microsoft Hyper-V hypervisors.

Tencent Security's Team Sniper (Keen Lab and PC Mgr) used a three-bug chain to win the Virtual Machines Escapes (Guest-to-Host) category with a VMWare Workstation exploit. They used a Windows kernel UAF, a VMware info leak and an uninitialized VMware buffer to go guest-to-host. This garnered them $100,000 and 13 points for Master of Pwn.

Another team, from the security arm of Qihoo 360, achieved an even more impressive attack chain that started with a compromise of Microsoft Edge, moved to the Windows kernel, and then escaped from the VMware Workstation virtual machine. They were awarded $105,000 for their feat.

The "attackers" had to start from a non-privileged account on the guest OS, and the VMware Tools, a collection of drivers and utilities that enhance the virtual machine's functionality, were not installed.

Also on the third day, researcher Richard Zhu successfully hacked Microsoft Edge, complete with a system-level privilege escalation that earned him $55,000. It was fifth Microsoft Edge exploit demonstrated during the competition.

Apple's Safari fell four times, Mozilla Firefox once, but Google Chrome remained unscathed. Researchers also demonstrated two exploits for Adobe Reader and two for Flash Player, both with sandbox escapes. The contest also included many privilege escalation exploits on Windows and macOS.



Previous
Next
ARM DynamIQ Cluster Technology Boosts AI Instruction Performwnce By 50x        All News        Adobe, Microsoft To Offer Solutions That Share Sales Data
ARM DynamIQ Cluster Technology Boosts AI Instruction Performwnce By 50x     General Computing News      Adobe, Microsoft To Offer Solutions That Share Sales Data

Get RSS feed Easy Print E-Mail this Message

Related News
Free CCleaner Software Compromised to Open Back-door to Million of PCs
Millions Time Warner Cable Records Exposed, Instagram Security Bug Fixed
HBO Offered $250,000 to Hackers
Hackers Attacked U.K. Parliament
WikiLeaks Says 'Athena' CIA Spying Program Targets All Versions of Windows
U.S.Navy Disclosed Security Breach In Its Systems
Hackers Probed Voting Systems, U.S. Says
Hackers Accesssed Customer Credit Card Data From Acer Store
Mark Zuckerberg's Social Media Accounts Were Hacked
Hackers Steal, Sell Verizon Enterprise Customer Data
U.S IRS Discovers More Data Had Leaked In Last Year's Cyberattack
Cisco Routers Vulnerable To Attack: researchers

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2017 - All rights reserved -
Privacy policy - Contact Us .