Hacks of Ubuntu, Windows, macOS and VirtualBox demonstrated at the Pwn2Own 2020 competition.

The results of the two days of the Pwn2Own 2020 competition, held annually as part of the CanSecWest conference, have been summed up. This year the competition was held virtually and the attacks were demonstrated online. The competition presented working techniques for exploiting previously unknown vulnerabilities in Ubuntu Desktop (Linux kernel), Windows, macOS, Safari, VirtualBox and Adobe Reader. The total payout was 270 thousand dollars (the total prize fund was more than 4 million US dollars).

  • Local privilege escalation in Ubuntu Desktop by exploiting a vulnerability in the Linux kernel related to improper validation of input values (prize $30);
  • A demonstration of escaping the guest environment in VirtualBox and executing code with hypervisor privileges, exploiting two vulnerabilities: the ability to read data from an area outside the allocated buffer, and an error when working with uninitialized variables (prize of 40 thousand dollars). Outside the competition, representatives of the Zero Day Initiative also demonstrated another VirtualBox hack, which allows access to the host system through manipulations in the guest environment;
  • Hacking Safari with privilege escalation to the macOS kernel level and launching the Calculator as root. A chain of 6 bugs was used for the exploit (prize 70 thousand dollars);
  • Two demonstrations of local privilege escalation in Windows through exploitation of vulnerabilities that lead to access to an already freed memory area (two prizes of 40 thousand dollars each);
  • Gaining administrator access in Windows when opening a specially crafted PDF document in Adobe Reader. The attack involves vulnerabilities in Acrobat and in the Windows kernel related to accessing already freed memory areas (prize of 50 dollars).

The nominations for hacking Chrome, Firefox, Edge, Microsoft Hyper-V Client, Microsoft Office and Microsoft Windows RDP remained unclaimed. An attempt was made to hack VMware Workstation, but it was unsuccessful.
As last year, the prize categories did not include hacks of most open source projects (nginx, OpenSSL, Apache httpd).

Separately, we can note the topic of hacking the information systems of the Tesla car. There were no attempts to hack Tesla at the competition, despite the maximum prize of 700 thousand dollars, but separately, information appeared about the identification of a DoS vulnerability (CVE-2020-10558) in the Tesla Model 3, which allows, when a specially crafted page is opened in the built-in browser, disabling notifications from the autopilot and disrupting the operation of components such as the speedometer, browser, air conditioning, navigation system, etc.

Source: opennet.ru