Pwn2Own 2016: Day 1 summary

17 March 2016, 15:40 | In brief | 3 comments

Below is a short summary of day 1 of the Pwn2Own 2016 contest.

  1. JungHoon Lee (lokihardt): Demonstrated a successful code execution attack against Apple Safari to gain root privileges. The attack consisted of four new vulnerabilities: a use-after-free vulnerability in Safari and three additional vulnerabilities, including a heap overflow to escalate to root. This demonstration earned 10 Master of Pwn points and US$60,000.
  2. 360Vulcan Team: Demonstrated a successful code execution attack against Adobe Flash using a Flash confusion bug with a use-after-free vulnerability in the Windows Kernel to run code in the SYSTEM context. This demonstration earned 13 Master of Pwn points and US$80,000.
  3. Tencent Security Team Shield (PC Manager and KeenLab): Demonstrated a successful code execution attack against Apple Safari to gain root privileges using two use-after-free vulnerabilities, one in Safari and the other in a privileged process. This demonstration earned 10 Master of Pwn points and US$40,000.
  4. 360Vulcan Team: Demonstrated a successful code execution attack against Google Chrome in the SYSTEM context. The attack used four vulnerabilities: two use-after-free vulnerabilities in Adobe Flash, one use-after-free vulnerability in the Windows Kernel and an out-of-bounds vulnerability in Google Chrome. This was a partial win due to the Google Chrome vulnerability being a duplicate of a previous, independent report to Google. This demonstration earned 12 Master of Pwn points and US$52,500.
  5. Tencent Security Team Sniper (KeenLab and PC Manager): Demonstrated a successful code execution attack against an out-of-bounds vulnerability in Adobe Flash that used an infoleak vulnerability and a use-after-free vulnerability in the Windows Kernel to achieve SYSTEM context. This demonstration earned 13 Master of Pwn points and US$50,000.
  6. Tencent Xuanwu Lab: Adobe Flash in Microsoft Edge: This attempt failed.

Comments

  1. Ja

    Indeed, the state of client software is poor :)
  2. Jurek

    And what about day two?
  3. zero one

    Not that I have anything against it, but why are they so fixated on Apple? ;P