BeQuiet Jubiläum Banner 970x90
Breaking News

Pioneer announces new internal/external BD Recorders for USA market Logitech announces new headphones, Racing Wheel, microphones, Earbuds and gaming console! G.SKILL Announces DDR5-6800 CL32 2x16GB and DDR5-6400 CL32 2x32GB Trident Z5 RGB Memory Kits Noctua confirms AM5 heatsink compatibility and announces free-of-charge upgrades for low-profile coolers and older heatsink models TEAMGROUP and BIOSTAR's First Collaboration Brings New Legendary RGB DDR5

logo

Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest

Hackers Demonstrate VM Escapes In Pwn2Own 2017 Hacking Contest

Enterprise & IT 0

At the final day of the Pwn2Own hacking contest , two teams of researchers chained multiple vulnerabilities together to escape from a guest OS running inside a VMware Workstation virtual machine.

Hypervisors like VMware Workstation are trying to create a barrier between the guest operating system that runs inside the virtual machine and the host OS where the hypervisor runs. As a result, VM escape exploits are highly prized in hacking contest. This year, the organizers of Pwn2Own, an annual hacking contest that runs during the CanSecWest conference in Vancouver, Canada, offered a prize of US$100,000 for breaking the isolation layer enforced by the VMware Workstation or Microsoft Hyper-V hypervisors.

Tencent Security's Team Sniper (Keen Lab and PC Mgr) used a three-bug chain to win the Virtual Machines Escapes (Guest-to-Host) category with a VMWare Workstation exploit. They used a Windows kernel UAF, a VMware info leak and an uninitialized VMware buffer to go guest-to-host. This garnered them $100,000 and 13 points for Master of Pwn.

Another team, from the security arm of Qihoo 360, achieved an even more impressive attack chain that started with a compromise of Microsoft Edge, moved to the Windows kernel, and then escaped from the VMware Workstation virtual machine. They were awarded $105,000 for their feat.

The "attackers" had to start from a non-privileged account on the guest OS, and the VMware Tools, a collection of drivers and utilities that enhance the virtual machine's functionality, were not installed.

Also on the third day, researcher Richard Zhu successfully hacked Microsoft Edge, complete with a system-level privilege escalation that earned him $55,000. It was fifth Microsoft Edge exploit demonstrated during the competition.

Apple's Safari fell four times, Mozilla Firefox once, but Google Chrome remained unscathed. Researchers also demonstrated two exploits for Adobe Reader and two for Flash Player, both with sandbox escapes. The contest also included many privilege escalation exploits on Windows and macOS.

Related Posts