And this is what happened at Pwn2Own 2021

The results of the three days of the Pwn2Own 2021 competition, held annually as part of the CanSecWest conference, were recently announced.

As in the previous year, the competition was held virtually and the attacks were demonstrated online. Of the 23 targets, working techniques for exploiting previously unknown vulnerabilities were demonstrated for Ubuntu, Windows 10, Chrome, Safari, Parallels Desktop, Microsoft Exchange, Microsoft Teams, and Zoom.

In all cases, the latest versions of the software were tested, including all available updates. The total amount of the payouts was one million two hundred thousand US dollars.

In the competition, three attempts were made to exploit vulnerabilities in Ubuntu. The first and second attempts were counted, and the attackers were able to demonstrate local privilege escalation by exploiting previously unknown vulnerabilities related to a buffer overflow and a double free of memory (the components affected by the problem have not yet been reported, and developers are given 90 days to fix the bugs before the data is disclosed).

For these vulnerabilities demonstrated in Ubuntu, bonuses of $30,000 were paid.

The third attempt, made by another team in the local privilege escalation category, was only partially successful: the exploit worked and allowed root access to be obtained, but the attack was not fully credited, because the bug associated with the vulnerability had already been catalogued, was known to the Ubuntu developers, and an update with the fix was being prepared.

Successful attacks were also demonstrated against browsers based on Chromium technology: Google Chrome and Microsoft Edge. Here a bonus of $100,000 was paid for creating an exploit that allows code to execute when a specially crafted page is opened in Chrome and Edge (a universal exploit was made for both browsers).

In the case of this vulnerability, it was stated that the fix is expected to be published within the next few hours, while all that is known is that the vulnerability is present in the process responsible for processing web content (the renderer).

On the other hand, 200 thousand dollars was paid for Zoom, where it was shown that the Zoom application can be compromised by executing code through a message sent to another user, with no action required from the recipient. This attack used three vulnerabilities in Zoom and one in the Windows operating system.

A bonus of $40,000 was also awarded for three successful Windows 10 exploits, in which vulnerabilities related to an integer overflow, access to already freed memory, and race conditions that allow SYSTEM privileges to be obtained were demonstrated.

Another attempt was demonstrated, but in this case unsuccessfully, against VirtualBox, which remained among the rewards along with Firefox, VMware ESXi, the Hyper-V client, MS Office 365, MS SharePoint, MS RDP and Adobe Reader, all of which remained unclaimed.

There was also nobody willing to demonstrate a compromise of the Tesla car information system, despite a prize of $600 and a Tesla Model 3 car.

Of the other prizes awarded:

  • $200 for cracking Microsoft Exchange (bypassing authentication and local privilege escalation on the server to obtain administrator rights). Another team demonstrated another successful exploit, but the second prize was not paid because the first team had already used the same bugs.
  • 200 thousand dollars for hacking Microsoft machines (code execution on the server).
  • $100 for exploiting Apple Safari (an integer overflow in Safari and a buffer overflow in the macOS kernel to bypass sandboxing and execute code at kernel level).
  • 140,000 for hacking Parallels Desktop (escaping the virtual machine and executing code on the host system). This attack was carried out by exploiting three different vulnerabilities: an uninitialized memory leak, a stack overflow, and an integer overflow.
  • Two prizes of $40 for Parallels Desktop hacks (a logic error and a buffer overflow that allowed code to execute on the external operating system through actions inside the virtual machine).
