Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: "pwned by niklasb and saelo."
Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."
Edge, VMWare, Safari, And Ubuntu Linux Hacked at Pwn2Own 2017
Other urls found in this thread:
m.gadgetsnow.com
arstechnica.com
vmescape.com
youtu.be
youtube.com
twitter.com
I feel like those chicks smell really bad
All of these get hacked every day
>chicks
root@god ~ # pacman -Qe vmware
error: package 'vmware' was not found
root@god ~ # uname -r
4.10.3-1-ARCH
Guess I'm safe.
root@god ~ # pacman -Qe virtualbox
virtualbox 5.1.18-1
Virtualbox is better anyway
Why do these people show these exploits at conferences instead of reporting or even selling them and getting potentially tens of thousands of dollars?
Reputation?
They realize getting a good reputation can lead to better employment/investors in the future.
But they get the same level of recognition (or maybe even better) when reporting them.
Who fucking cares.
I guess they must enjoy large conferences where they can meet other people.
We do apparently. Back to faggot
What makes you think they didn't report them?
...
No we don't. Back to retard
Somebody needs a hug
Unless it's bug bounty you hold on to it and hope for a job I guess.
>virtualbox
>not dogshit
pick one.
Somebody needs a cure for their down syndrome.
You seem very upset, user-kun. Would you like a hug from my waifu? (that's all you'll get unless you pay me haha kidding hahaha or am I haha lol)
>being this butthurt about something you purportedly didn't care
at least it's opensource
t.qemufag
>tens of thousands of dollars
Hrm... you know what's nicer than 5 figures?
6 figures.
>VMware Hacked
No one cares that it was workstation. There is a reason they didnt attempt this with ESXi - vmescape.com
old linux kernel 4.8 patch incoming in 3..2..1
>physical access
>leveraged
used
HAHAHAHAHA! OPEN SORES KEKS BTFO ONCE AGAIN!
>Edge
Botnet
>VMWare
Botnet
>Safari
Botnet
>Ubuntu
Botnet
Explain to me how you think these are open source. Fucking retard.
Good thing I use KVM.
Thank god, VirtualBox is safe. I need virtualization software.
It exploited the linux kernel.
Open sores is insecure by design.
An outdated one. Fucking Ubuntu can't even 4.10
Debian stable still runs 3.16 kek.
>Debian
Botnet
Whats not a botnet?
Gentoo/Arch with OpenRC
It might have exploited the Linux kernel, but the only thing that's actually really vulnerable was Windows the Edge exploits, that can be triggered via simply visiting a website -- for Linux it was actually needed to somehow have shell access to the target machine or be able to execute code on it.
So think again about what is more secure.
Phew, I dodged a bullet there. Thanks mate.
Nice try cocksucker
I never said I was the other guy.
what a cringey comic, thats some tumblr tier shit you got on your hardrive faggot.
You were badly impersonating him and you know it. Fucking loser.
>Open sores is insecure by design.
I see youuu!
youtu.be
There's no reason to expect the same person to reply to you every single time. That's not how this site works.
You were acting as if I'd given you the advice so fuck off. The advice was for him explicitly, bitch.
No, the advice was for everyone reading the thread.
Shut the fuck up, Donny
youtube.com
>not qemu
Qemu? More like queef eww
Not hacked: seL4.
>Virtualbox is better anyway
it's fucking garbage.
>4.8 Kernel
lel
Update your software, retards.
chicks(dudes)
>windows builtin browser
Selling an Edge 0day on the black market would fetch more, simply because of the massive amount of users on Windows and at least part of them using Edge.
"In addition to the Ubuntu Linux attack target, the Pwn2Own 2017 event alsIn addition to the Ubuntu Linux attack target, the Pwn2Own 2017 event also listed Apache Web Server running on Ubuntu 16.10 Linux as a potential target, with a prize of $200,000 for a successful exploit. Dustin Childs, director of communication for ZDI, told eWEEK that no one has registered to take aim at the Apache/Ubuntu targeto listed Apache Web Server running on Ubuntu 16.10 Linux as a potential target, with a prize of $200,000 for a successful exploit. Dustin Childs, director of communication for ZDI, told eWEEK that no one has registered to take aim at the Apache/Ubuntu target"
The kernel get a huge update on march 8, so maybe not fixed yet.
sauce on the article?
>nobody gives a shit about your fucking hentai