5 Ubuntu hacks demonstrated at the Pwn2Own 2022 competition

The results of the three days of the Pwn2Own 2022 competition, held annually as part of the CanSecWest conference, have been summed up. Working techniques for exploiting previously unknown vulnerabilities were demonstrated for Ubuntu Desktop, Virtualbox, Safari, Windows 11, Microsoft Teams and Firefox. In total, 25 successful attacks were demonstrated, and three attempts ended in failure. The attacks used the latest stable releases of applications, browsers and operating systems, with all available updates and in default configurations. The total amount paid out was USD 1,155,000.

The competition featured five successful attempts to exploit previously unknown vulnerabilities in Ubuntu Desktop, made by different teams of participants. One prize of $40 was paid for demonstrating local privilege escalation in Ubuntu Desktop by exploiting buffer overflow and double-free issues. Four prizes, each worth $40, were awarded for demonstrating privilege escalation by exploiting use-after-free vulnerabilities.

The exact components affected have not yet been reported; under the terms of the competition, detailed information about all demonstrated 0-day vulnerabilities will be published only after 90 days, which are given to vendors to prepare updates that eliminate the vulnerabilities.

Other successful attacks:

  • 100 thousand dollars for developing an exploit for Firefox that, when a specially crafted page was opened, bypassed sandbox isolation and executed code on the system.
  • $40 for demonstrating an exploit that uses a buffer overflow in Oracle Virtualbox to escape from the guest.
  • 50 thousand rand for exploiting Apple Safari (buffer overflow).
  • 450 thousand dollars for hacking Microsoft Teams (different teams demonstrated three hacks with a prize of 150 thousand each).
  • 80 thousand dollars (two prizes of 40 thousand each) for exploiting buffer overflows and escalating privileges in Microsoft Windows 11.
  • 80 thousand dollars (two prizes of 40 thousand each) for exploiting a bug in access verification code to escalate privileges in Microsoft Windows 11.
  • $40K for exploiting an integer overflow to escalate privileges in Microsoft Windows 11.
  • $40 for exploiting a use-after-free vulnerability in Microsoft Windows 11.
  • 75 thousand rand for demonstrating an attack on the infotainment system of a Tesla Model 3. The exploit used bugs leading to a buffer overflow and a double free, along with a previously known technique for bypassing sandbox isolation.

Separate attempts were made, but failed, to hack Microsoft Windows 11 (6 successful hacks and 1 unsuccessful), Tesla (1 successful hack and 1 unsuccessful) and Microsoft Teams (3 successful hacks and 1 unsuccessful). There were no requests to demonstrate exploits in Google Chrome this year.

Source: opennet.ru
