Home Hacking News Hackers Make $105K From A VM Escape At Pwn2Own

Hackers Make $105K From A VM Escape At Pwn2Own

by Unallocated Author

The contestants at the Pwn2Own hacking competition in Vancouver this year have just pulled off an unusually impressive feat. They have managed to compromise Microsoft’s Edge browser in a specific way such that ti escapes a VMware Workstation virtual machine it is running in. This hack fetched them a prize of $105,000, which is the highest awarded so far in the past three days.

According to a tweet this Friday morning, from the contest’s organizers: the members of Qihoo 360’s security team have carried out a hack by exploiting heap overflow bug in Edge, a kind of confusion flaw in Windows kernel and an uninitialized buffer vulnerability in the VMware. The result is a “complete virtual machine escape.”

In an e-mail, the Qihoo 360 Executive Director Zheng Zheng wrote, “We have used a JavaScript engine bug within the Microsoft Edge to achieve code execution inside the Edge sandbox, and we used a kernel bug in Windows 10 to escape from it and fully compromise guest machine.” He continued, “Then we have exploited a hardware simulation bug within the VMware to escape from the guest operating system to host one. All if this started from and only by a controlled a website.”

Virtual machines are very crucial to the security of large organisations and individuals everywhere. In server hosting environments, they are used as containers which prevent one customer’s operating system and data from being accessed by another customer who is sharing the same physical server. Virtual machines like the VMware Workstation hacked Friday are also used on desktop computers to isolate untrusted content. Should the guest operating system be compromised through a drive-by browsing exploit or similar attack, the hackers still don’t get access to data or operating system resources on the host machine.

Friday’s success underscores the central theme of Pwn2Own, that no operating system or application is immune to hacks that thoroughly compromise its security.

 

You may also like