MAMEWorld Central >> EmuChat
View all threads Index   Flat Mode Flat  

Moose
Don't make me assume my ultimate form!
Reged: 05/03/04
Posts: 1399
Loc: Outback, Australia
Send PM
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest
03/18/17 12:37 PM


https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/


Quote:


members of Qihoo 360's security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a "complete virtual machine escape."

"We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."




And:


Quote:


At last year's Pwn2Own, contestants didn't attempt to target VMWare, an indication reliable exploits were probably worth more than the $75,000 prize that was offered at the time.





Moose







Entire thread
Subject Posted by Posted on
* Virtual machine escape fetches $105,000 at Pwn2Own hacking contest Moose 03/18/17 12:37 PM

Extra information Permissions
Moderator:  redk9258, URherenow, Tafoid 
0 registered and 22 anonymous users are browsing this forum.
You cannot start new topics
You cannot reply to topics
HTML is enabled
UBBCode is enabled
Thread views: 713