iziphumo zeentsuku ezimbini zokhuphiswano Pwn2Own 2020, ezibanjwa minyaka le njengenxalenye yenkomfa yeCanSecWest. Kulo nyaka ukhuphiswano lubanjwe ngokubonakalayo kwaye uhlaselo lwaboniswa kwi-intanethi. Ukhuphiswano lubonise iindlela zokusebenza zokusebenzisa ubuthathaka obungaziwa ngaphambili kwi-Ubuntu Desktop (Linux kernel), iWindows, macOS, Safari, VirtualBox kunye neAdobe Reader. Isixa esipheleleyo sentlawulo yayingama-270 amawaka eedola (imali yebhaso lilonke ngaphezulu kwe-4 yezigidi zeedola zaseMelika).
- Ukunyuka kwamalungelo kwi-Ubuntu Desktop ngokuxhaphaza ubuthathaka kwi-Linux kernel ehambelana nokuqinisekiswa okungachanekanga kwamaxabiso egalelo (ibhaso $30);
- Umboniso wokuphuma kwendawo yeendwendwe kwi-VirtualBox kunye nokuphumeza ikhowudi enamalungelo e-hypervisor, ukusebenzisa ubuthathaka obubini - ukukwazi ukufunda idatha ukusuka kwindawo engaphandle kwe-buffer eyabelwe kunye nephutha xa usebenza ngezinto eziguquguqukayo ezingabhalwanga (ibhaso le-40 lamawaka eedola). Ngaphandle kokhuphiswano, abameli beZero Day Initiative baphinde babonise enye i-Hack VirtualBox, evumela ukufikelela kwi-host host ngokusebenzisa ukukhwabanisa kwindawo yeendwendwe;
- Ukukhangela iSafari ngamalungelo aphakamileyo kwinqanaba le-kernel ye-macOS kunye nokuqhuba i-calculator njengengcambu. Ukuxhaphaza, ikhonkco leempazamo ze-6 lisetyenzisiwe (ixabiso le-70 lamawaka eedola);
- Imiboniso emibini yelungelo lendawo lokunyuka kwi-Windows ngokusetyenziswa kobuthathaka okukhokelela ekufikeleleni kwindawo yememori esele ikhululiwe (amabhaso amabini e-40 amawaka eedola ngalinye);
- Ukufumana ukufikelela kumlawuli kwiWindows xa uvula uxwebhu lwePDF oluyilwe ngokukodwa kwiAdobe Reader. Uhlaselo lubandakanya ubuthathaka kwi-Acrobat kunye ne-Windows kernel enxulumene nokufikelela kwiindawo zememori esele zikhululiwe (ibhaso le-50 yeedola).
Ulonyulo lokugqekeza iChrome, iFirefox, iEdge, iMicrosoft Hyper-V Client, iOfisi kaMicrosoft kunye neMicrosoft Windows RDP yahlala ingafunwa. Kwenziwa umzamo wokugqekeza iVMware Workstation, kodwa ayizange iphumelele.
Njengonyaka ophelileyo, amacandelo amabhaso awazange abandakanye ii-hacks ezininzi zeeprojekthi zomthombo ovulekileyo (nginx, OpenSSL, Apache httpd).
Ngokwahlukileyo, sinokuqaphela isihloko sokuqhekeza iinkqubo zolwazi zemoto yeTesla. Kwakungekho nzame zokuqhekeza uTesla kukhuphiswano, nangona ibhaso liphezulu le-700 yeedola, kodwa ngokwahlukeneyo. malunga nokuchongwa kwe-DoS vulnerability (CVE-2020-10558) kwi-Tesla Model 3, evumela, xa uvula iphepha elilungiselelwe ngokukodwa kwi-browser eyakhelwe ngaphakathi, ukukhubaza izaziso ezivela kwi-autopilot kunye nokuphazamisa ukusebenza kwamacandelo afana isixhobo sokulinganisa isantya, isikhangeli, isimo somoya, inkqubo yokukhangela, njl.
umthombo: opennet.ru