Natiijooyinka saddex maalmood ee tartanka Pwn2Own 2022, oo la qabto sannad kasta iyada oo qayb ka ah shirka CanSecWest, ayaa la soo koobay. Farsamooyinka shaqada ee ka faa'iidaysiga dayacanka aan hore loo aqoon ayaa lagu muujiyay Ubuntu Desktop, Virtualbox, Safari, Windows 11, Kooxaha Microsoft iyo Firefox. Waxa la soo bandhigay 25 weerar oo lagu guulaystay, saddex isku dayna waxa ay ku dhamaadeen fashil. Weeraradu waxay adeegsadeen sii dayntii ugu dambeysay ee xasilloonida codsiyada, daalacashada iyo nidaamyada hawlgalka oo leh dhammaan cusbooneysiinta la heli karo iyo qaabeynta caadiga ah. Wadarta lacagta gunnada ah ee la bixiyay waxay ahayd USD 1,155,000.
Tartanku waxa uu muujiyay shan isku day oo lagu guulaystay oo lagaga faaβiidaysanayay baylahda aan hore loo aqoon ee Ubuntu Desktop, oo ay fuliyeen kooxaha kala duwan ee ka qaybgalayaasha. Hal $40 oo abaalmarin ah ayaa la bixiyay si loo muujiyo kobaca mudnaanta maxalliga ah ee Ubuntu Desktop iyada oo laga faa'iidaysanayo laba qulqulaya oo qulqulaya iyo laba arrimood oo lacag la'aan ah. Afar abaal-marinno, midkiiba qiimihiisu yahay $40, ayaa lagu abaalmariyey muujinta mudnaanta mudnaanta iyada oo loo marayo ka faa'iidaysiga dayacanka Isticmaalka-Bilaash ah.
Qaybaha saxda ah ee dhibaatada weli lama soo sheegin iyadoo la raacayo shuruudaha tartanka, macluumaadka faahfaahsan ee ku saabsan dhammaan baylahda 0-maalin ee la soo bandhigay ayaa la daabici doonaa kaliya 90 maalmood ka dib, kuwaas oo la siiyo soo-saarayaasha si ay u diyaariyaan cusbooneysiinta baabi'inta baylahda.
Weerarada kale ee lagu guulaystay:
- 100 kun oo doolar oo loogu talagalay horumarinta ka faa'iidaysiga Firefox, kaas oo u oggolaaday, marka la furayo bog si gaar ah loo nashqadeeyay, in laga gudbo go'doominta sandbox oo lagu fuliyo koodka nidaamka.
- $40 si loo muujiyo ka faa'iidaysiga isticmaala kaydka buuxdhaafka ah ee Oracle Virtualbox si uu uga baxo martida.
- $50 kun oo loogu talagalay ku shaqaynta Apple Safari (Buffer overflow).
- 450 kun oo doolar jabsiga Kooxaha Microsoft (kooxo kala duwan ayaa soo bandhigay seddex jabsi oo midkiiba lagu abaalmariyay 150 kun).
- 80 kun oo doolar (laba abaal-marin oo ah 40 kun midkiiba) oo loogu talagalay ka faa'iidaysiga qulqulka qulqulka iyo kordhinta mudnaanta qofka ee Microsoft Windows 11.
- 80 kun oo doolar (laba abaal-marin oo ah 40 kun midkiiba) ka faa'iidaysiga bug ee koodhka xaqiijinta si loo kordhiyo mudnaanta qofka ee Microsoft Windows 11.
- $40K oo loogu talagalay ka faa'iidaysiga qulqulka isugeynta si kor loogu qaado mudnaanta Microsoft Windows 11.
- $40 kun oo loogu talagalay ka faa'iidaysiga dayacanka Isticmaalka-Bila'aanta ah ee Microsoft Windows 11.
- $75 kun oo loogu talagalay muujinta weerar lagu qaaday nidaamka macluumaadka ee Telsa Model 3. Ka faa'iidaysiga la isticmaalo cayayaanka taasoo horseedaysa qulqulka xad dhaafka ah iyo laba-laabashada xorta ah, oo ay la socoto farsamo hore oo loo yaqaanay in laga gudbo go'doominta sanduuqa ciid.
Isku dayo kala duwan ayaa la sameeyay, laakiin laguma guulaysan, in la jabsado Microsoft Windows 11 (6 jabsi guulaystay iyo 1 aan guulaysan), Tesla (1 jabsi guulaystay iyo 1 aan guulaysan) iyo Microsoft Teams (3 jabsi guulaystay iyo 1 guuldarro ah). Ma jirin codsiyo lagu muujinayo ka faa'iidaysiga Google Chrome sanadkan.
Source: opennet.ru