This is what came out of Pwn2Own 2021

The results of the three-day Pwn2Own 2021 contest, held every year as part of the CanSecWest conference, were published recently.

As in the previous year, the contest was held virtually and the attacks were demonstrated online. Of the 23 targets, working techniques for exploiting previously unknown vulnerabilities were demonstrated against Ubuntu, Windows 10, Chrome, Safari, Parallels Desktop, Microsoft Exchange, Microsoft Teams, and Zoom.

In every case the latest software versions were tested, with all available updates applied. The total prize fund was 1.2 million US dollars.

During the contest, three attempts were made to exploit Ubuntu. The first and second counted: the attackers demonstrated local privilege escalation through previously unknown vulnerabilities related to a buffer overflow and a double free of memory (details of the problems have not yet been reported; the developers are given 90 days to fix the bugs before the information is disclosed).

For each of these vulnerabilities demonstrated against Ubuntu, a $30,000 payout was made.

The third attempt, made by another team in the local privilege escalation category, was only partially successful: the exploit worked and allowed root access, but the attack was not fully credited, since the bug associated with the vulnerability was already known to the Ubuntu developers and an update with a fix was being prepared.

Successful hacks were also demonstrated against browsers based on Chromium technology, Google Chrome and Microsoft Edge, for which a $100,000 prize was awarded for creating an exploit that allows code execution when a specially crafted page is opened in Chrome and Edge (a single universal exploit was created for both browsers).

Regarding this vulnerability, it was mentioned that a fix is expected to be published in the next few hours; all that is known so far is that the vulnerability lies in the process responsible for processing web content (the renderer).

Separately, $200,000 was paid for Zoom: it was shown that an attacker can execute code on a Zoom user's system by sending a message to that user, without the recipient having to take any action. The attack exploited three vulnerabilities, in Zoom itself and in the Windows operating system.

Prizes of $40,000 were also awarded for three successful Windows 10 exploits, which used vulnerabilities related to an integer overflow, access to already freed memory, and a race condition, and which allowed SYSTEM privileges to be obtained.

An attempt against VirtualBox was also demonstrated, but in this case it was unsuccessful, so VirtualBox remained unclaimed, together with Firefox, VMware ESXi, the Hyper-V client, MS Office 365, MS SharePoint, MS RDP and Adobe Reader, none of which were hacked.

Likewise, nobody wanted to demonstrate a hack of the Tesla car information system, despite the $600,000 prize together with a Tesla Model 3.

Of the other prizes awarded:

  • $200,000 for hacking Microsoft Exchange (bypassing authentication and escalating privileges locally on the server to obtain administrator rights). A second successful exploit was demonstrated by another team, but no second prize was paid, as the first team had already exploited the same bugs.
  • $200,000 for hacking Microsoft Teams (code execution on the server).
  • $100,000 for the Apple Safari exploit (an integer overflow in Safari and a buffer overflow in the macOS kernel, used to escape the sandbox and execute kernel-level code).
  • $140,000 for hacking Parallels Desktop (escaping the virtual machine and executing code on the host system). The attack chained three different vulnerabilities: an uninitialized memory leak, a stack overflow, and an integer overflow.
  • Two prizes of $40,000 for Parallels Desktop hacks (a logic error and a memory-corruption bug that allowed code execution on the host operating system through actions inside the virtual machine).
