hacker have on the first two days of the competition Pwn2Own, which takes place during the Security Conference CanSecWest in Vancouver, presented numerous zero-day vulnerabilities. Insert into browsers such as edge and Safari applications such as .reader and Flash Player, as well as operating systems such as Windows and Linux. It rewards were paid up to $80,000 per vulnerability by
as first showed employees of 360 Security a heap overflow in the JPEG200 component of Adobe Reader. Combined with two other bugs in the Windows kernel’s managed to take over the affected system which gave them $50,000 full control over. “
Institute of technology succeeded Samuel Groß and Niklas Baumstark of the Karlsruhe German security researchers to obtain root privileges by using multiple vulnerabilities in Safari for macOS and to leave a message in the touch bar of the new MacBook Pro. Their reward amounted to 28,000 dollars.
about 80,000 dollars and employees of Tencent security were allowed to enjoy. They demonstrated a flaw in the chakra engine of the newMicrosoft-browser edge, which allowed them, execute malicious code even outside the sandbox of the browser. Another 25,000 dollars went to a different group of researchers of Tencent security after successfully malicious code in Adobe introduced her reader and performed using a further use-after-free bug in Windows kernel with system privileges.
Chaitlin security showed that even Ubuntu Linux may be vulnerable to hacker attacks. A heap out of bounds gave researchers of the company access to the Linux kernel, what the organizers trend micro was worth $15,000.
also secured in the root privileges to macOS employees Chaitlin security research lab. They combined for six vulnerabilities in Safari and WindowServer what was rewarded with 35,000 dollars. However, another attack on Safari at the end of the first day was because he was not brought to a conclusion in the prescribed time.
the second day 360 Security and Tencent security staff went above each successfully Flash Player against Adobe. Malicious code with system privileges could run in both cases, which meant a bonus of $40,000 each. Researchers of Tencent security two more successful attacks on Microsoft edge, an attack on Windows presented in the course of the day and a root vulnerability in macOS, the again the -browser Safari was involved.
also secured 360 security more prize money by successful attacks on Mac OS and Safari, they demonstrated.-Firefox browser was also staff Chaitlin security to the victim that it demonstrated also a kernel bug in macOS. The Hamburger was another attack on Firefox security researcher Moritz yodels of blue Frost security is not complete in the allowed time.
for today are two more security vulnerabilities in Microsoft edge announced . Also, researchers want to show off two successful guest-to-host attacks, where malicious code out running in a virtual machine on the host operating system. Particularly difficult is regarded as the trend Micros has this zero day initiative for this kind of bugs awarded a prize money of 100,000 dollars. DISPLAY
has become the networking of vehicles over the last 20 years to a medium for general safety messages and traffic management. But nowadays cars are equipped with new sensors to achieve even better networked and safer driving.
: how well you familiar with browsers? Test your knowledge – with 15 questions on ITespresso.de .