Five successful Ubuntu hacks were demonstrated at Pwn2Own 2023

Pwn2Own 2023

Pwn2Own 2023 was held in Vancouver

The results of the three days of the Pwn2Own 2023 competition, held annually as part of the CanSecWest conference in Vancouver, were recently published.

In this new edition, working techniques were demonstrated for exploiting previously unknown vulnerabilities in Ubuntu, Apple macOS, Oracle VirtualBox, VMWare Workstation, Microsoft Windows 11, Microsoft Teams, Microsoft SharePoint and Tesla vehicles.

A total of 27 successful attacks exploiting previously unknown vulnerabilities were demonstrated.

For those unfamiliar with Pwn2Own, it is a global hacking event organized by the Trend Micro Zero-Day Initiative (ZDI) that has been running since 2005. ... automotive and more, using 'zero-day' exploits.

These elite bounty hunters and security researchers have a strict time limit to successfully 'pwn' the target in question. Success is rewarded both with points added to the Masters of Pwn leaderboard (Pwn2Own kudos are not to be taken lightly, since the competition here is fierce) and with attractive payouts. In total, Pwn2Own Vancouver 2023 has a prize pool of more than $1 million.

The first to fall was Adobe Reader, in the enterprise applications category, after Abdul Aziz Hariri (@abdhariri) of Haboob SA used an exploit chain built on a 6-bug logic chain that abused multiple failed patches, escaped the sandbox and bypassed a banned API list on macOS to win $50.000.

The competition saw five successful attempts to exploit previously unknown vulnerabilities in Ubuntu Desktop, made by different teams of participants.

The issues were caused by a double free of memory ($30k bonus), a use-after-free memory access ($30k bonus), and incorrect pointer handling ($30k bonus). In two demos, vulnerabilities that were already known but not yet patched were used (two bonuses of 15 thousand dollars). In addition, a sixth attempt to attack Ubuntu was made, but the exploit did not work.

The affected components have not yet been disclosed: under the terms of the competition, detailed information about all the zero-day vulnerabilities demonstrated will be published only after 90 days, the period given to vendors to prepare updates that eliminate the vulnerabilities.

Among the other demos of successful attacks, the following are mentioned:

  • Three Oracle VirtualBox hacks exploiting vulnerabilities caused by use-after-free memory access, a buffer overflow, and an out-of-bounds read (two $40k bonuses and an $80k bonus for exploiting 3 vulnerabilities that allowed code execution on the host side).
  • Apple macOS privilege escalation ($40K bonus).
  • Two attacks on Microsoft Windows 11 that allowed the attackers to escalate their privileges (bonuses of 30.000).
  • The vulnerabilities were caused by use-after-free memory access and incorrect input validation.
  • An attack on Microsoft Teams using a chain of two bugs in the exploit ($75,000 bonus).
  • An attack on Microsoft SharePoint ($100,000 bonus).
  • An attack on VMWare Workstation through use-after-free memory access and an uninitialized variable ($80 bonus).
  • Code execution while rendering content in Adobe Reader. A complex chain of 6 bugs was used to attack, bypass the sandbox, and access a banned API ($50,000 prize).

Two attacks on the Tesla car infotainment system and the Tesla Gateway, which allowed root access to be obtained. The first prize was $100,000 and a Tesla Model 3 car, and the second prize was $250,000.

The attacks used the latest stable versions of applications, browsers, and operating systems, with all available updates installed and default settings. The total compensation paid was $1,035,000 and a car. The team with the most points received $530,000 and a Tesla Model 3.

Finally, if you are interested in learning more about it, you can consult the details at the following link.

