5 Ubuntu hacks demonstrated at the Pwn2Own 2022 competition

The results of the three days of the Pwn2Own 2022 competition, held annually as part of the CanSecWest conference, have been summarized. Working techniques for exploiting previously unknown vulnerabilities were demonstrated for Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams and Firefox. 25 successful attacks were demonstrated, and three attempts ended in failure. The attacks used the latest stable releases of applications, browsers and operating systems with all available updates and in the default configuration. The total amount of rewards paid was USD 1,155,000.

The competition saw five successful attempts to exploit previously unknown vulnerabilities in Ubuntu Desktop, made by different teams of participants. One prize of 40 rand was paid for demonstrating local privilege escalation in Ubuntu Desktop by exploiting two buffer overflow and double-free issues. Four awards, each worth $40, were given for demonstrating privilege escalation by exploiting use-after-free vulnerabilities.

The affected components have not yet been reported; in accordance with the competition rules, detailed information about all demonstrated 0-day vulnerabilities will be published only after 90 days, which are given to vendors to prepare updates that eliminate the vulnerabilities.

Other successful attacks:

  • $100 thousand for developing an exploit for Firefox that, when a specially crafted page is opened, allowed bypassing sandbox isolation and executing code on the system.
  • $40 for demonstrating an exploit that uses a buffer overflow in Oracle Virtualbox to escape from the guest.
  • 50 thousand rand for exploiting Apple Safari (buffer overflow).
  • $450 thousand for hacking Microsoft Teams (different teams demonstrated three hacks with a reward of 150 thousand each).
  • $80 thousand (two prizes of 40 thousand each) for exploiting a buffer overflow and escalating privileges in Microsoft Windows 11.
  • $80 thousand (two prizes of 40 thousand each) for exploiting a flaw in the access verification code to escalate privileges in Microsoft Windows 11.
  • $40K for exploiting an integer overflow to escalate privileges in Microsoft Windows 11.
  • $40 thousand for exploiting a use-after-free vulnerability in Microsoft Windows 11.
  • $75 thousand for demonstrating an attack on the infotainment system of the Tesla Model 3. The exploit used bugs leading to buffer overflows and double frees, together with a previously known technique for bypassing sandbox isolation.

Separate attempts were made, but did not succeed, to hack Microsoft Windows 11 (6 successful hacks and 1 unsuccessful), Tesla (1 successful hack and 1 unsuccessful) and Microsoft Teams (3 successful hacks and 1 unsuccessful). There were no applications to demonstrate exploits in Google Chrome this year.

Source: opennet.ru
