Hacks of Ubuntu, Windows, macOS and VirtualBox were demonstrated at the Pwn2Own 2020 competition.

The results of the two days of the Pwn2Own 2020 competition, held annually as part of the CanSecWest conference, have been summed up. This year the competition was held virtually and the attacks were demonstrated online. The competition presented working techniques for exploiting previously unknown vulnerabilities in Ubuntu Desktop (Linux kernel), Windows, macOS, Safari, VirtualBox and Adobe Reader. Total payouts amounted to 270 thousand dollars (the total prize fund was more than 4 million US dollars).

  • Local privilege escalation in Ubuntu Desktop by exploiting a vulnerability in the Linux kernel related to incorrect validation of input values (prize $30);
  • Demonstration of escaping the guest environment in VirtualBox and executing code with hypervisor privileges by exploiting two vulnerabilities: the ability to read data from an area outside the allocated buffer, and an error when working with uninitialized variables (prize of 40 thousand dollars). Outside the competition, representatives of the Zero Day Initiative also demonstrated another VirtualBox hack that allows access to the host system through manipulations in the guest environment;
  • Hacking Safari with privilege escalation to the macOS kernel level and launching the calculator as root. A chain of 6 bugs was used for the exploit (prize of 70 thousand dollars);
  • Two demonstrations of local privilege escalation in Windows through exploitation of vulnerabilities leading to access to an already freed memory area (two prizes of 40 thousand dollars each);
  • Obtaining administrator access in Windows when opening a specially crafted PDF document in Adobe Reader. The attack involves vulnerabilities in Acrobat and the Windows kernel related to access to already freed memory areas (prize of $50).

The nominations for hacking Chrome, Firefox, Edge, Microsoft Hyper-V Client, Microsoft Office and Microsoft Windows RDP remained unclaimed. An attempt was made to hack VMware Workstation, but it was unsuccessful.
As last year, the prize categories did not include hacks of most open source projects (nginx, OpenSSL, Apache httpd).

Separately, we can note the topic of hacking the information systems of Tesla cars. There were no attempts to hack Tesla at the competition, despite the large prize of $700 thousand, but information appeared separately about the discovery of a DoS vulnerability (CVE-2020-10558) in the Tesla Model 3, which allows, when a specially crafted page is opened in the built-in browser, blocking notifications from the autopilot and disrupting the operation of components such as the speedometer, browser, air conditioning, navigation system, etc.

Source: opennet.ru
