5 Ubuntu hacks demonstrated at the Pwn2Own 2022 competition

The results of the three days of the Pwn2Own 2022 competition, held annually as part of the CanSecWest conference, have been summed up. Working techniques for exploiting previously unknown vulnerabilities were demonstrated for Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams and Firefox. A total of 25 successful attacks were demonstrated, and three attempts ended in failure. The attacks targeted the latest stable releases of applications, browsers and operating systems, with all available updates installed and in their default configurations. The total amount of rewards paid was USD 1,155,000.

The competition saw five successful attempts to exploit previously unknown vulnerabilities in Ubuntu Desktop, carried out by different teams of participants. One prize of $40 was paid for demonstrating local privilege escalation in Ubuntu Desktop by exploiting two issues, a buffer overflow and a double free. Four awards, each worth $40, were given for demonstrating privilege escalation by exploiting Use-After-Free vulnerabilities.

The specific components affected have not yet been reported; under the terms of the competition, full details of all demonstrated 0-day vulnerabilities will be published only after 90 days, the period given to vendors to prepare updates that eliminate the vulnerabilities.


Other successful attacks:

  • $100 thousand for developing an exploit for Firefox that, when a specially crafted page is opened, made it possible to bypass sandbox isolation and execute code on the system.
  • $40 for demonstrating an exploit that uses a buffer overflow in Oracle Virtualbox to escape from the guest.
  • $50 thousand for exploiting Apple Safari (buffer overflow).
  • $450 thousand for hacking Microsoft Teams (different teams demonstrated three hacks with a reward of 150 thousand each).
  • $80 thousand (two awards of 40 thousand each) for exploiting a buffer overflow and escalating privileges in Microsoft Windows 11.
  • $80 thousand (two awards of 40 thousand each) for exploiting a bug in access-verification code to escalate privileges in Microsoft Windows 11.
  • $40K for exploiting an integer overflow to escalate privileges in Microsoft Windows 11.
  • $40 thousand for exploiting a Use-After-Free vulnerability in Microsoft Windows 11.
  • $75 thousand for demonstrating an attack on the infotainment system of the Tesla Model 3. The exploit used bugs leading to buffer overflows and a double free, together with a previously known sandbox-bypass technique.

Separate attempts were made, without success, to hack Microsoft Windows 11 (6 successful hacks and 1 unsuccessful), Tesla (1 successful hack and 1 unsuccessful) and Microsoft Teams (3 successful hacks and 1 unsuccessful). There were no requests to demonstrate exploits against Google Chrome this year.

Source: opennet.ru
