Browser Apple Safari, as well as virtualization software Oracle VirtualBox and VMware Workstation were hacked on the first day of Pwn2Own competition 2019, bringing researchers $240 thousand
The organizer of the Pwn2Own hacking competition 2019, which these days are held in Vancouver (Canada) is Trend Micro Zero Day Initiative (ZDI). This year the prize Fund of the event amounts to more than $1 million in addition, for the first time in the history of the competition, participants will try their luck in hacking the Tesla Model 3. One who has successfully hacked the electric car, will get $300 million and a car.
On the first day of the competition Kama Amat (Amat Cama) and Richard Zhu (Richard Zhu) from the team Fluoroacetate won $55 thousand for the successful exploitation of the vulnerabilities in Safari. The researchers were able to bypass the sandbox by exploiting a vulnerability and integer overflow vulnerability buffer overflow. To bypass the sandbox, the researchers used a brute force.
Another $35 million Kama and Joo won for breaking into Oracle VirtualBox. At the second attempt they managed to remember proekspluatirovat vulnerability integer overflow and cause uncertainty of parallelism (so-called “race condition” or race condition), in order to escalate privileges and execute arbitrary code on the target system.
For the bypass virtual machines in VMware Workstation and code execution on the host system command Fluoroacetate earned $70 million In total first day of competition brought the team $160 thousand.
Explorer STAR Labs under the pseudonym anhdaden also received $35 thousand for the hacking of Oracle VirtualBox. As Fluoroacetate, he was able to elevate privileges and execute code, but using another vulnerability, and integer overflow.
Team phoenhex & qwerty won $45 thousand for the complete compromise of the system privileges of the kernel by exploiting vulnerabilities in Safari. They have developed the attack, involving a visit to the victim of malicious website based on the error Just-in-Time (JIT), reading outside of the allocated buffer and error Time-of-Check-Time-of-Use (TOCTOU). The team could get for their attack a much larger amount, however, as it turned out, Apple was already known about one of the researchers discovered vulnerabilities.
Read more •••