Mhedzisiro yemazuva matatu emakwikwi ePwn2Own 2022, anoitwa gore negore sechikamu chemusangano weCanSecWest, akapfupikiswa. Maitiro ekushanda ekushandisa kusazvibata kwaimbozivikanwa kwakaratidzwa Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams uye Firefox. Kurwiswa kwakabudirira kwe25 kwakaratidzwa, uye kuedza katatu kwakaguma nekukundikana. Iko kurwiswa kwakashandisa yazvino yakagadzikana kuburitswa kwezvishandiso, mabhurawuza uye masisitimu anoshanda ane zvese zviripo zvigadziriso uye zvigadziriso zvimiro. Mari yese yemuhoro yakabhadharwa yaive USD 1,155,000.
Makwikwi aya airatidza kuyedza kushanu kwakabudirira kushandisa kusarongeka kwaimbozivikanwa muUbuntu Desktop, kwakaitwa nezvikwata zvakasiyana zvevatori vechikamu. Imwe $40 mubairo wakabhadharwa kuratidza ropafadzo yemunharaunda kukwira muUbuntu Desktop nekushandisa mabhafa maviri mafashama uye kaviri emahara nyaya. Mibairo mina, imwe neimwe inokosha $40, yakapiwa kuratidza ropafadzo yekuwedzera kuburikidza nekushandiswa kweKushandisa-After-Free vulnerabilities.
Izvo chaizvo zvikamu zvedambudziko hazvisati zvataurwa; zvinoenderana nemamiriro emakwikwi, ruzivo rwakadzama nezvese zvakaratidzwa 0-zuva kusasimba kuchaburitswa chete mushure memazuva makumi mapfumbamwe, ayo anopihwa vagadziri kuti vagadzirire zvigadziriso zvinobvisa vulnerabilities.
Kumwe kurwiswa kwakabudirira:
- 100 zviuru zvemadhora ekuvandudza kushandiswa kweFirefox, iyo yakabvumira, pakuvhura peji rakagadzirirwa, kupfuura kuparadzaniswa kwebhokisi rejecha uye kuita kodhi muhurongwa.
- $40 kuratidza kushandiswa kunoshandisa buffer kufashukira muOracle Virtualbox kubuda kunze kwemuenzi.
- 50 zviuru zvemadhora zvekushandisa Apple Safari (buffer mafashama).
- 450 zviuru zvemadhora ekubira maMicrosoft Teams (zvikwata zvakasiyana zvakaratidza hacks nhatu nemubairo we150 zviuru kune imwe neimwe).
- 80 zviuru zvemadhora (mibairo miviri yezviuru makumi mana imwe neimwe) yekushandisa buffer mafashama uye kuwedzera ropafadzo dzemunhu muMicrosoft Windows 40.
- 80 zviuru zvemadhora (mibairo miviri yezviuru makumi mana imwe neimwe) yekushandisa bug mune yekuwana kodhi kodhi yekuwedzera ropafadzo muMicrosoft Windows 40.
- $40K yekushandisa huwandu hwakafashama kuti uwedzere ropafadzo muMicrosoft Windows 11.
- $40 zviuru zvekushandisa Kushandisa-After-Mahara kusagadzikana muMicrosoft Windows 11.
- Zviuru zvemadhora zviuru makumi manomwe neshanu zvekuratidzira kurwisa infotainment system yeTelsa Model 75. Kubata kwakashandiswa tsikidzi dzinotungamira kune buffer mafashama uye kusunungura kaviri, pamwe neyakazivikanwa nzira yekunzvenga bhokisi rejecha.
Kuedza kwakasiyana kwakaitwa, asi hakuna kubudirira, kubira Microsoft Windows 11 (6 yakabudirira hacks uye 1 haina kubudirira), Tesla (1 yakabudirira hack uye 1 haina kubudirira) uye Microsoft Teams (3 yakabudirira hacks uye 1 haina kubudirira). Pakanga pasina zvikumbiro zvekuratidzira maitiro muGoogle Chrome gore rino.
Source: opennet.ru