5 Ubuntu hacks demonstrated at the Pwn2Own 2022 competition

The results of the three days of the Pwn2Own 2022 competition, held annually as part of the CanSecWest conference, have been summed up. Working techniques for exploiting previously unknown vulnerabilities were demonstrated for Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams and Firefox. 25 successful attacks were demonstrated, and three attempts failed. The attacks targeted the latest stable releases of applications, browsers and operating systems, with all available updates installed and in their default configuration. The total amount paid out was USD 1,155,000.

The competition saw five successful attempts to exploit previously known vulnerabilities in Ubuntu Desktop, carried out by different teams of participants. One prize of $40 was paid for demonstrating a local privilege escalation in Ubuntu Desktop by exploiting buffer overflow and double-free issues. Four prizes, each worth $40, were awarded for demonstrating privilege escalation by exploiting Use-After-Free vulnerabilities.

The details of the issues have not yet been disclosed; according to the competition's terms, detailed information on all the demonstrated 0-day vulnerabilities will be published only after 90 days, which are given to vendors to prepare updates that fix the vulnerabilities.

Other successful attacks:

  • $100 thousand for an exploit for Firefox that made it possible, by opening a specially crafted page, to bypass sandbox isolation and execute code in the system.
  • $40 for demonstrating an exploit that uses a buffer overflow in Oracle Virtualbox to escape from the guest.
  • $50 thousand for exploiting Apple Safari (buffer overflow).
  • $450 thousand for hacking Microsoft Teams (different teams demonstrated three hacks with a prize of 150 thousand each).
  • $80 thousand (two prizes of 40 thousand each) for exploiting buffer overflows to escalate privileges in Microsoft Windows 11.
  • $80 (two prizes of 40 each) for exploiting a bug in the verification code to escalate privileges in Microsoft Windows 11.
  • $40K for exploiting an integer overflow to escalate privileges in Microsoft Windows 11.
  • $40 for exploiting a Use-After-Free vulnerability in Microsoft Windows 11.
  • $75 for demonstrating an attack on the infotainment system of the Tesla Model 3. The exploit used bugs leading to a buffer overflow and a double free, together with a previously known technique for bypassing sandbox isolation.

Separate attempts were made, but did not succeed, to hack Microsoft Windows 11 (6 successful hacks and 1 unsuccessful), Tesla (1 successful hack and 1 unsuccessful) and Microsoft Teams (3 successful hacks and 1 unsuccessful). There were no requests to demonstrate exploits in Google Chrome this year.

Source: opennet.ru
