Breaking News

Organization Identifies Implications of BigTech's Engagement in Financial Data Under U.S. Pressure, Europe Agrees on Security Risks of 5G Equipment 108-Megapixel Mi Note 10 Budget Smartphone Launching in Japan Researchers Demonstrate High-speed SOT-MRAM Memory Cell Compatible with 300mm Si CMOS Technology Imex Says 2D Materials Could Allow Extreme Scaling for Logic and Memory Transistors

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest

Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest

Enterprise & IT Mar 21,2017 0

At the final day of the Pwn2Own hacking contest , two teams of researchers chained multiple vulnerabilities together to escape from a guest OS running inside a VMware Workstation virtual machine.

Hypervisors like VMware Workstation are trying to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. As a result, VM escape exploits are highly prized in hacking contest. This year, the organizers of Pwn2Own, an annual hacking contest that runs during the CanSecWest conference in Vancouver, Canada, offered a prize of US$100,000 for breaking the isolation layer enforced by the VMware Workstation or Microsoft Hyper-V hypervisors.

Tencent Security's Team Sniper (Keen Lab and PC Mgr) used a three-bug chain to win the Virtual Machines Escapes (Guest-to-Host) category with a VMWare Workstation exploit. They used a Windows kernel UAF, a VMware info leak and an uninitialized VMware buffer to go guest-to-host. This garnered them $100,000 and 13 points for Master of Pwn.

Another team, from the security arm of Qihoo 360, achieved an even more impressive attack chain that started with a compromise of Microsoft Edge, moved to the Windows kernel, and then escaped from the VMware Workstation virtual machine. They were awarded $105,000 for their feat.

The "attackers" had to start from a non-privileged account on the guest OS, and the VMware Tools, a collection of drivers and utilities that enhance the virtual machine's functionality, were not installed.

Also on the third day, researcher Richard Zhu successfully hacked Microsoft Edge, complete with a system-level privilege escalation that earned him $55,000. It was fifth Microsoft Edge exploit demonstrated during the competition.

Apple's Safari fell four times, Mozilla Firefox once, but Google Chrome remained unscathed. Researchers also demonstrated two exploits for Adobe Reader and two for Flash Player, both with sandbox escapes. The contest also included many privilege escalation exploits on Windows and macOS.

Tags: Pwn2OwnHacking
Previous Post
ARM DynamIQ Cluster Technology Boosts AI Instruction Performwnce By 50x
Next Post
Adobe, Microsoft To Offer Solutions That Share Sales Data

Related Posts

  • Cryptocurrency Exchange Upbit Lost US$50 Million in Hack

  • OnePlus Discloses Data Breach

  • T-Mobile Says Customers' Data Accessed in Hack

  • Pwn2Own Tokyo 2019 Concludes With Six Successful Hacking Attempts, $315,000 Awarded

  • Amazon Echo, Samsung and Sony smart TVs Fall on first day of Pwn2Own Hacking Contest

  • Hackers Targeted Government Officials Using WhatsApp Malware

  • Internet Domain Name Provider Networks Solutions Hacked

  • Microsoft Identifies Russia-linked hackers That Hit Sports Organizations

0 Comments

Leave a Reply

More information about text formats

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

BBCode

  • No HTML tags allowed.
  • You may use these tags: [abbr], [acronym], [b], [center], [code], [color], [define], [font], [h1], [h2], [h3], [h4], [h5], [h6], [hr], [i], [img], [justify], [left], [list], [node], [php], [quote], [right], [s], [size], [sub], [sup], [u], [url], [wikipedia], [youtube], [align], [link], [ol], [ul]
  • Lines and paragraphs break automatically.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.

Latest News

Organization Identifies Implications of BigTech's Engagement in Financial Data
Enterprise & IT

Organization Identifies Implications of BigTech's Engagement in Financial Data

Under U.S. Pressure, Europe Agrees on Security Risks of 5G Equipment
Enterprise & IT

Under U.S. Pressure, Europe Agrees on Security Risks of 5G Equipment

108-Megapixel Mi Note 10 Budget Smartphone Launching in Japan
Smartphones

108-Megapixel Mi Note 10 Budget Smartphone Launching in Japan

Researchers Demonstrate High-speed SOT-MRAM Memory Cell Compatible with 300mm Si CMOS Technology
Enterprise & IT

Researchers Demonstrate High-speed SOT-MRAM Memory Cell Compatible with 300mm Si CMOS Technology

Imex Says 2D Materials Could Allow Extreme Scaling for Logic and Memory Transistors
Enterprise & IT

Imex Says 2D Materials Could Allow Extreme Scaling for Logic and Memory Transistors

Popular Reviews

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2005

CeBIT 2005

Club3D HD3850

Club3D HD3850

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed