results of two days of competitions Pwn2Own 2020, held annually as part of the CanSecWest conference. This year the competition was held virtually and the attacks were demonstrated online. The competition presented working techniques for exploiting previously unknown vulnerabilities in Ubuntu Desktop (Linux kernel), Windows, macOS, Safari, VirtualBox and Adobe Reader. The total amount of payments was 270 thousand dollars (total prize fund more than 4 million US dollars).
- Local escalation of privileges in Ubuntu Desktop by exploiting a vulnerability in the Linux kernel associated with incorrect verification of input values ββ(prize $30);
- Demonstration of exiting the guest environment in VirtualBox and executing code with hypervisor rights, exploiting two vulnerabilities - the ability to read data from an area outside the allocated buffer and an error when working with uninitialized variables (prize 40 thousand dollars). Outside the competition, representatives of the Zero Day Initiative also demonstrated another VirtualBox hack, which allows access to the host system through manipulations in the guest environment;
- Hacking Safari with elevated privileges to the macOS kernel level and running the calculator as root. For exploitation, a chain of 6 errors was used (prize 70 thousand dollars);
- Two demonstrations of local privilege escalation in Windows through the exploitation of vulnerabilities that lead to access to an already freed memory area (two prizes of 40 thousand dollars each);
- Gaining administrator access in Windows when opening a specially designed PDF document in Adobe Reader. The attack involves vulnerabilities in Acrobat and the Windows kernel related to accessing already freed memory areas (prize of $50).
Nominations for hacking Chrome, Firefox, Edge, Microsoft Hyper-V Client, Microsoft Office and Microsoft Windows RDP remained unclaimed. An attempt was made to hack VMware Workstation, but it was unsuccessful.
Like last year, the prize categories did not include hacks of the majority of open source projects (nginx, OpenSSL, Apache httpd).
Separately, we can note the topic of hacking the information systems of a Tesla car. There were no attempts to hack Tesla at the competition, despite the maximum prize of $700 thousand, but separately about the identification of a DoS vulnerability (CVE-2020-10558) in the Tesla Model 3, which allows, when opening a specially designed page in the built-in browser, to disable notifications from the autopilot and disrupt the operation of components such as the speedometer, browser, air conditioning, navigation system, etc.
Source: opennet.ru