Mva nje iziphumo ze iintsuku ezintathu zokhuphiswano Pwn2Kwenziwe ngo-2021, ibanjwa minyaka le njengenxalenye yenkomfa yeCanSecWest.
Njengakunyaka ophelileyo, ukhuphiswano lwalubanjwe phantse kwaye uhlaselo lwabonakaliswa kwi-intanethi. Kwithagethi ezingama-23, iindlela zokusebenza zokusebenzisa ubuthathaka obukade bubonakalisiwe zibonakalisiwe kwi-Ubuntu, Windows 10, Chrome, Safari, Parallels Desktop, Microsoft Exchange, Microsoft Teams, kunye Zoom.
Kuzo zonke iimeko, iinguqulelo zamva nje zesoftware zavavanywa, kubandakanya lonke uhlaziyo olukhoyo. Isixa esipheleleyo sentlawulo sisigidi esinye anamakhulu amabini amawaka eedola zaseMelika.
Kukhuphiswano, kwenziwa iinzame ezintathu zokusebenzisa ubuthathaka ku-Ubuntu apho iinzame zokuqala nezesibini zabalwa kwaye abahlaseli bakwazile ukubonisa ukunyuka kwamalungelo endawo ngokuxhaphaza ubuthathaka obabungaziwa ngaphambili obunxulumene nokugcwala kwempazamo kunye nokukhululwa kwememori ephindwe kabini (apho izinto zengxaki zingekaxelwa kwaye abaphuhlisi banikwa iintsuku ezingama-90 zokulungisa iibugs de idatha ivezwe).
Kobu buthathaka obubonakaliswe Ubuntu, iibhonasi ze- $ 30,000 zahlawulwa.
Inzame yesithathu, eyenziwe lelinye iqela kudidi lokuxhatshazwa kwamalungelo endawo, yayiphumelele ngokuyinxenye: ukuxhaphaza kuyasebenza kwaye kuvunyelwe ukufikelela kwiingcambu, kodwa uhlaselo aluzange lufakwe ngokupheleleyo, ukususela ngoku i-bug enxulunyaniswa nobungozi yayisele ikhathalogu Kwaye kwaziwa kubaphuhlisi baka-Ubuntu kwaye uhlaziyo olunokulungiswa lwalulungiswa.
Kwakhona Uhlaselo oluyimpumelelo lubonakalisiwe kwizikhangeli ngetekhnoloji yeChromiumIGoogle Chrome kunye neMicrosoft Edge, kwezi bhonasi ze- $ 100,000 zahlawulwa ngokwenza ukuxhaphaza okuvumela ikhowudi ukuba yenziwe xa uvula iphepha eliyilwe ngokukodwa kwiChannel kunye ne-Edge (ukuxhaphazwa kwendalo iphela kwenziwa kuzo zombini izikhangeli).
Kwimeko yoku kubeka esichengeni, kukhankanyiwe ukuba ukulungiswa kulindeleke ukuba kupapashwe kwiiyure ezimbalwa ezizayo, ngelixa kusaziwa ukuba ubungozi bukhona kwinkqubo enoxanduva lokuqhubekeka nomxholo wewebhu (umnikezeli).
Kwelinye icala, amawaka amabini eerandi ahlawulwa kwi-Zoom kwaye kwaboniswa ukuba i-app yeZoom inokutshixwa ngokwenza ikhowudi ethile ukuthumela umyalezo komnye umsebenzisi, akukho sidingo salo naliphi na inyathelo ngummkeli. Uhlaselo lusebenzise ubuthathaka abathathu kwi-Zoom kunye nenye kwinkqubo yokusebenza yeWindows.
Ibhonasi ye- $ 40,000 yanikwa ezintathu ziphumelele Windows 10 imisebenzi apho ubungozi bunxulumene nokugcwala kwenani elipheleleyo, ukufikelela kwimemori esele ikhululiwe, kunye neemeko zobuhlanga ezivumela ukufumana amalungelo eSYSTEM kubonisiwe).
Elinye ilinge ebibonisiwe, kodwa kule meko ayiphumelelanga ngenxa yeVirtualBox, esele isemva kwemivuzo kunye neFirefox, VMware ESXi, Hyper-V client, MS Office 365, MS SharePoint, MS RDP kunye neAdobe Reader ezisahleli zingafunwanga.
Bekungekho bantu bazimiseleyo ukubonakalisa ukukhwabanisa kwenkqubo yemoto yeTesla, ngaphandle kwebhaso le- $ 600 kunye nemoto yeTesla Model 3.
Kwamanye amabhaso ezo zanikezelwa:
- $ 200 yokuchithwa kweMicrosoft Exchange (ukugqithisa ukuqinisekiswa kunye nokunyuka kwelungelo lendawo kwiseva ukufumana amalungelo omlawuli). Elinye iqela laboniswa okunye ukuxhaphaza okuyimpumelelo, kodwa ibhaso lesibini alizange lihlawulwe njengoko iqela lokuqala lalisele lisebenzise iibugs ezifanayo.
- I-200 lamawaka eedola kusiko lwezixhobo zikaMicrosoft (ukwenziwa kwekhowudi kwiseva).
- $ 100 yokusebenza kweApple Safari (inani elipheleleyo eliphuphuma kwi-Safari kunye ne-buffer ephuphumayo kwi-macOS kernel ukunqanda i-sandboxing kunye nokwenza ikhowudi yenqanaba le-kernel).
- I-140,000 yokuqhekeza iiDesktop eziDibeneyo (ukuphuma kumatshini obonakalayo kunye nokuqhuba ikhowudi kwinkqubo ephambili). Uhlaselo lwenziwa ngokuxhaphaza iindlela ezintathu zokuba sesichengeni: ukuvuza kwenkumbulo okungafakwanga, ukugcwala kwesitaki, kunye nokugcwala kwenani elipheleleyo.
- Amabhaso amabini eerandi ezingama-40 ngokuHacks kweDesktop (impazamo yomgaqo kunye nokugcwala okukhuselekileyo okuvumela ikhowudi ukuba isebenze kwinkqubo yokusebenza yangaphandle ngezenzo zomatshini obonakalayo).