Moose |
Don't make me assume my ultimate form!
|
|
|
Reged: 05/03/04
|
Posts: 1483
|
Loc: Outback, Australia
|
|
Send PM
|
|
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest
03/18/17 12:37 PM
|
|
|
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
Quote:
members of Qihoo 360's security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a "complete virtual machine escape."
"We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."
And:
Quote:
At last year's Pwn2Own, contestants didn't attempt to target VMWare, an indication reliable exploits were probably worth more than the $75,000 prize that was offered at the time.
Moose
|
|