Breaking News

GIGABYTE AORUS Gen4 7000s SSD- The Fastest PCIe 4.0 NVMe SSD TerraMaster Releases All-New TOS 4.2 Samsung Announces S21 series with new Galaxy Buds Pro Sony Launches Newest Addition to G Master Full-Frame Lens Series with the Indispensable FE 35mm F1.4 GM AMD Announces World’s Best Mobile Processors In CES 2021

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Pwn2Own 2020: Hackers Targeted Ubuntu, VMWare, Windows 10 and More

Pwn2Own 2020: Hackers Targeted Ubuntu, VMWare, Windows 10 and More

Enterprise & IT Mar 20,2020 0

The annual hacking event Pwn2Own was held for the first time remotely and several hackers from all over the world participated and demonstrated their capabilities.

On the first day of the contest, hackers won $180,000 for 9 bugs across three categories. Zero Day Initiative (ZDI) researchers verified their attempts, which were successful. Here’s a quick recap video of the day’s proceedings:

The day began with Pwn2Own newcomers – a team from Georgia Tech Systems Software & Security Lab (@SSLab_Gatech) consisting of Yong Hwi Jin, Jungwon Lim, and Insu Yun. They were targeting Apple Safari with a macOS kernel escalation of privilege. They chained together six unique bugs starting with a JIT vulnerability and ending with TOCTOU/race condition to escape the sandbox and pop a root shell. They also disabled System Integrity Protection (SIP) on the device to demonstrate that they achieved kernel-level code execution. Their smooth demonstration earned them $70,000 and 7 points towards Master of Pwn.

Next up, Pwn2Own veteran Flourescence set his sights on Microsoft Windows 10. His use-after-free (UAF) bug in Windows allowed him to escalate permissions to SYSTEM. He earned $40,000 and 4 Master of Pwn points in the process.

The third attempt of the day saw another Pwn2Own rookie take the field. Manfred Paul of the RedRocket CTF team chose to target the Ubuntu Desktop with a local privilege escalation (LPE) exploit. He leveraged an improper input validation bug in the kernel to go from a standard user to root. His first foray into the world of Pwn2Own earned him $30,000 and 3 points towards Master of Pwn.

The first day of Pwn2Own 2020 ended with the returning Fluoroacetate duo of Amat Cama and Richard Zhu ready to defend their Master of Pwn crown. They leveraged a UAF in Windows to escalate from a regular user to SYSTEM. This was a different UAF than the one used earlier in the day. This final entry of Day One earned them $40,000 and 4 points towards Master of Pwn.

In day two of the contest, Phi Phạm Hồng (@4nhdaden) of STAR Labs (@starlabs_sg) targeted Oracle VirtualBox in the Virtualization category. 4nhdaden using an OOB Read for an info leak and an unitialized variable for code execution on the hypervisor. He earned himself $40,000 and 4 Master of Pwn points.

The Fluoroacetate team of Amat Cama and Richard Zhu targeted Adobe Reader with a Windows local privilege escalation. The duo used a pair of UAFs - one in Acrobat and one in the Windows kernel - to elevate privilieges and to over the system. They earned $50,000 and 5 points towards Master of Pwn.

The Synacktiv team of Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) targeted the VMware Workstation in the Virtualization category. However, the team was unable to demonstrate their exploit in the time allotted.

A Special successful demonstration from Lucas Leong (@_wmliang_) of the Zero Day Initiative was against Oracle VirtualBox.

Tags: Pwn2OwnHacking
Previous Post
Google Discounts Stadia Premium Edition
Next Post
Tesla Suspends Production at U.S. Car Factory

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Microsoft Offers You $100,000 If You Can Hack the Linux-based Azure Sphere

  • Zoom Users' Data have Been on Sale on Dark Web: report

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Nintendo Says 160,000 Accounts Have Been Hacked

  • Marriott Discloses New Data Breach

  • FireEye Warns About Chinese APT41 Global Intrusion Campaign Using Multiple Exploits

  • Hackers Hit Olympics, IOC and FC Barcelona's Accounts

Latest News

GIGABYTE AORUS Gen4 7000s SSD- The Fastest PCIe 4.0 NVMe SSD
PC components

GIGABYTE AORUS Gen4 7000s SSD- The Fastest PCIe 4.0 NVMe SSD

TerraMaster Releases All-New TOS 4.2
Enterprise & IT

TerraMaster Releases All-New TOS 4.2

Samsung Announces S21 series with new Galaxy Buds Pro
Smartphones

Samsung Announces S21 series with new Galaxy Buds Pro

Sony Launches Newest Addition to G Master Full-Frame Lens Series with the Indispensable FE 35mm F1.4 GM
Cameras

Sony Launches Newest Addition to G Master Full-Frame Lens Series with the Indispensable FE 35mm F1.4 GM

AMD Announces World’s Best Mobile Processors In CES 2021
PC components

AMD Announces World’s Best Mobile Processors In CES 2021

Popular Reviews

CeBIT 2005

CeBIT 2005

Zidoo Z9S 4K Media Player review

Zidoo Z9S 4K Media Player review

CeBIT 2006

CeBIT 2006

LiteOn iHBS112 review

LiteOn iHBS112 review

Club3D HD3850

Club3D HD3850

Crucial P1 NVMe 1TB SSD review

Crucial P1 NVMe 1TB SSD review

Hitachi DZ-MV100A DVD Camcorder

Hitachi DZ-MV100A DVD Camcorder

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

Toshiba Exceria M303 64GB and M501 Exceria Pro 64GB MicroSDXC review

  • Home
  • News
  • Reviews
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed