At Pwn2Own 2022, 5 vulnerabilities were demonstrated in Ubuntu

The results of the three days of the Pwn2Own 2022 competition, which is held every year as part of the CanSecWest conference, were recently announced in a blog post.

In this year's edition, working techniques were demonstrated for exploiting previously unknown vulnerabilities in Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams and Firefox. In total, 25 successful attacks were demonstrated and three attempts ended in failure. The attacks targeted the latest stable versions of the applications, browsers and operating systems, with all available updates installed and in their default configuration. The total amount of rewards paid was US$1,155,000.

Pwn2Own Vancouver for 2022 is under way, and the contest's 15 years have already seen some amazing research demonstrated. Stay tuned to this blog for updated results, pictures, and videos from the event. We will post them all here, including the latest Master of Pwn leaderboard.

The competition saw five successful attempts to exploit previously unknown vulnerabilities in Ubuntu Desktop, carried out by different teams of participants.

A $40,000 prize was awarded for demonstrating local privilege escalation in Ubuntu Desktop by exploiting two buffer overflow and double free issues. Four bonuses, worth $40,000 each, were paid for demonstrating privilege escalation by exploiting vulnerabilities related to accessing memory after it has been freed (Use-After-Free).

SUCCESS - Keith Yeo (@kyeojy) won $40K and 4 Master of Pwn points for a Use-After-Free exploit on Ubuntu Desktop.

Which components the problems affect has not yet been disclosed. Under the competition rules, detailed information about all of the demonstrated 0-day vulnerabilities will be published only after 90 days, a period given to vendors to prepare updates that remove the vulnerabilities.

SUCCESS - In the final attempt of Day 2, Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu) of Northwestern University's TUTELARY team successfully demonstrated a Use After Free bug leading to elevation of privilege on Ubuntu Desktop. This earns $40,000 and 4 Master of Pwn points.

SUCCESS - Team Orca of Security.sea.com was able to execute 2 bugs on Ubuntu Desktop: an Out-of-Bounds Write (OOBW) and a Use-After-Free (UAF), earning $40,000 and 4 Master of Pwn points.

Among the other attacks that were carried out successfully, we can mention the following:

  • $100,000 for developing an exploit for Firefox that, by opening a specially crafted page, made it possible to bypass sandbox isolation and execute code on the system.
  • $40,000 for demonstrating an exploit that takes advantage of a buffer overflow in Oracle Virtualbox to escape from the guest.
  • $50,000 for exploiting Apple Safari (buffer overflow).
  • $450,000 for Microsoft Teams hacks (different teams demonstrated three hacks with a reward of $150,000 each).
  • $80,000 (two $40,000 bonuses) for taking advantage of buffer overflows and privilege escalation in Microsoft Windows 11.
  • $80,000 (two $40,000 bonuses) for exploiting a bug in the access control code to elevate privileges in Microsoft Windows 11.
  • $40k for exploiting an integer overflow to elevate privileges in Microsoft Windows 11.
  • $40,000 for exploiting a Use-After-Free vulnerability in Microsoft Windows 11.
  • $75,000 for demonstrating an attack on the infotainment system of a Tesla Model 3 car. The exploit used buffer overflow and double free bugs, together with a previously known sandbox bypass technique.

Last but not least, it was reported that during the two days of the competition there were failures even though three hacking attempts were allowed. They were the following: Microsoft Windows 11 (6 successful hacks and 1 failed), Tesla (1 successful hack and 1 failed) and Microsoft Teams (3 successful hacks and 1 failed). There were no requests to demonstrate exploits in Google Chrome this year.

Finally, if you are interested in knowing more about it, you can check the details in the original post at the following link.

