5 Ubuntu hacks demonstrated at Pwn2Own 2022

The results of the three days of the Pwn2Own 2022 competition, held annually as part of the CanSecWest conference, have been summed up. Working techniques for exploiting previously unknown vulnerabilities were demonstrated for Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams and Firefox. A total of 25 successful attacks were demonstrated, and three attempts ended in failure. The attacks targeted the latest stable releases of applications, browsers and operating systems with all available updates installed and in the default configuration. The total amount paid out was USD 1,155,000.

The competition saw five successful attempts to exploit previously unknown vulnerabilities in Ubuntu Desktop, made by different teams of participants. One $40 prize was paid for demonstrating local privilege escalation in Ubuntu Desktop by exploiting two buffer overflow and double-free issues. Four prizes, each worth $40, were awarded for demonstrating privilege escalation by exploiting Use-After-Free vulnerabilities.

The exact nature of the problems has not yet been reported; in accordance with the terms of the competition, detailed information about all the demonstrated 0-day vulnerabilities will be published only after 90 days, which are given to vendors to prepare updates that eliminate the vulnerabilities.

Other successful attacks:

  • $100 thousand for developing an exploit for Firefox that made it possible, when a specially crafted page is opened, to bypass sandbox isolation and execute code in the system.
  • $40 for demonstrating an exploit that uses a buffer overflow in Oracle Virtualbox to escape from the guest.
  • $50 thousand for exploiting Apple Safari (buffer overflow).
  • $450 thousand for hacking Microsoft Teams (different teams demonstrated three hacks with a reward of 150 thousand for each).
  • $80 thousand (two prizes of 40 thousand each) for exploiting buffer overflows and escalating privileges in Microsoft Windows 11.
  • $80 thousand (two prizes of 40 thousand each) for exploiting a bug in the verification code to escalate privileges in Microsoft Windows 11.
  • $40K for exploiting an integer overflow to escalate privileges in Microsoft Windows 11.
  • $40 thousand for exploiting a Use-After-Free vulnerability in Microsoft Windows 11.
  • $75 for demonstrating an attack on the infotainment system of the Tesla Model 3. The exploit used bugs leading to a buffer overflow and a double free, together with a previously known technique for bypassing sandbox isolation.

Separate, but unsuccessful, attempts were made to hack Microsoft Windows 11 (6 successful hacks and 1 unsuccessful), Tesla (1 successful hack and 1 unsuccessful) and Microsoft Teams (3 successful hacks and 1 unsuccessful). There were no requests to demonstrate exploits in Google Chrome this year.

source: budenet.ru
