Hacks of Ubuntu, Windows, macOS and VirtualBox demonstrated at the Pwn2Own 2020 competition

The results of the two days of the Pwn2Own 2020 competition, held annually as part of the CanSecWest conference, have been summed up. This year the competition was held virtually and the attacks were demonstrated online. The competition presented working techniques for exploiting previously unknown vulnerabilities in Ubuntu Desktop (Linux kernel), Windows, macOS, Safari, VirtualBox and Adobe Reader. The total amount of payouts was 270 thousand dollars (the total prize fund was more than 4 million US dollars).

  • Local privilege escalation in Ubuntu Desktop by exploiting a vulnerability in the Linux kernel related to incorrect validation of input values (prize $30);
  • A demonstration of escaping the guest environment in VirtualBox and executing code with hypervisor rights, exploiting two vulnerabilities: the ability to read data from an area outside the allocated buffer, and an error when working with uninitialized variables (prize of 40 thousand dollars). Outside the competition, representatives of the Zero Day Initiative also demonstrated another VirtualBox hack, which allows access to the host system through manipulations in the guest environment;
  • Hacking Safari with privilege escalation to the macOS kernel level and launching the calculator as root. A chain of 6 bugs was used for the exploit (prize of 70 thousand dollars);
  • Two demonstrations of local privilege escalation in Windows by exploiting vulnerabilities that lead to access to an already freed memory area (two prizes of 40 thousand dollars each);
  • Gaining administrator access in Windows when opening a specially crafted PDF document in Adobe Reader. The attack involves vulnerabilities in Acrobat and the Windows kernel related to access to already freed memory areas (prize $50).

Nominations for hacking Chrome, Firefox, Edge, Microsoft Hyper-V Client, Microsoft Office and Microsoft Windows RDP remained unclaimed. An attempt was made to hack VMware Workstation, but it was unsuccessful.
As last year, the prize categories did not include hacks of most open source projects (nginx, OpenSSL, Apache httpd).

Separately, we can note the topic of hacking the information systems of Tesla cars. There were no attempts to hack Tesla at the competition, despite the maximum prize of $700, but separately, information appeared about the discovery of a DoS vulnerability (CVE-2020-10558) in the Tesla Model 3, which allows, when a specially crafted page is opened in the built-in browser, disabling notifications from the autopilot and disrupting the operation of components such as the speedometer, browser, air conditioning, navigation system, etc.

source: budenet.ru
