Pwn2Own 2020: Hackers Targeted Ubuntu, VMWare, Windows 10 and More

Enterprise & IT, Mar 20, 2020

The annual hacking event Pwn2Own was held remotely for the first time, and several hackers from all over the world participated and demonstrated their capabilities.

On the first day of the contest, hackers won $180,000 for 9 bugs across three categories. Zero Day Initiative (ZDI) researchers verified their attempts, which were successful.

The day began with Pwn2Own newcomers – a team from Georgia Tech Systems Software & Security Lab (@SSLab_Gatech) consisting of Yong Hwi Jin, Jungwon Lim, and Insu Yun. They were targeting Apple Safari with a macOS kernel escalation of privilege. They chained together six unique bugs, starting with a JIT vulnerability and ending with a TOCTOU/race condition, to escape the sandbox and pop a root shell. They also disabled System Integrity Protection (SIP) on the device to demonstrate that they achieved kernel-level code execution. Their smooth demonstration earned them $70,000 and 7 points towards Master of Pwn.

Next up, Pwn2Own veteran Flourescence set his sights on Microsoft Windows 10. His use-after-free (UAF) bug in Windows allowed him to escalate permissions to SYSTEM. He earned $40,000 and 4 Master of Pwn points in the process.

The third attempt of the day saw another Pwn2Own rookie take the field. Manfred Paul of the RedRocket CTF team chose to target the Ubuntu Desktop with a local privilege escalation (LPE) exploit. He leveraged an improper input validation bug in the kernel to go from a standard user to root. His first foray into the world of Pwn2Own earned him $30,000 and 3 points towards Master of Pwn.

The first day of Pwn2Own 2020 ended with the returning Fluoroacetate duo of Amat Cama and Richard Zhu ready to defend their Master of Pwn crown. They leveraged a UAF in Windows to escalate from a regular user to SYSTEM. This was a different UAF than the one used earlier in the day. This final entry of Day One earned them $40,000 and 4 points towards Master of Pwn.

On day two of the contest, Phi Phạm Hồng (@4nhdaden) of STAR Labs (@starlabs_sg) targeted Oracle VirtualBox in the Virtualization category. 4nhdaden used an out-of-bounds (OOB) read for an info leak and an uninitialized variable for code execution on the hypervisor. He earned himself $40,000 and 4 Master of Pwn points.

The Fluoroacetate team of Amat Cama and Richard Zhu targeted Adobe Reader with a Windows local privilege escalation. The duo used a pair of UAFs, one in Acrobat and one in the Windows kernel, to elevate privileges and take over the system. They earned $50,000 and 5 points towards Master of Pwn.

The Synacktiv team of Corentin Bayet (@OnlyTheDuck) and Bruno Pujos (@BrunoPujos) targeted the VMware Workstation in the Virtualization category. However, the team was unable to demonstrate their exploit in the time allotted.

A special, successful demonstration by Lucas Leong (@_wmliang_) of the Zero Day Initiative targeted Oracle VirtualBox.

Tags: Pwn2Own, Hacking