SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
21 Mar 2017

Hackers take down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017

Hackers took down Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux over the course of 11 hours on Wednesday, the first day of Pwn2Own, the annual hacking competition held in tandem with the CanSecWest conference in Vancouver.

Contestants with the Chinese security firm Qihoo 360 were the first to strike, exploiting a heap overflow in the way Reader parsed JPEG2000, an image compression standard and coding system used by software.

Hackers combined the heap overflow with a Windows kernel information leak and a remote code execution vulnerability in the Windows kernel to earn $50,000. The attack would be the first of two to be carried out against Reader on the day. Later in the afternoon, hackers working with Tencent Security used an info leak bug and a use-after-free bug to achieve code execution. They followed that up by leveraging another use-after-free in the kernel to gain SYSTEM-level privileges, earning $25K.

Another group of hackers working with Tencent, Team Ether, broke Microsoft Edge earlier in the day. The bug they found earned the group the largest payout of the day, $80,000, and was tied to an arbitrary write in Chakra core and a logic bug that escaped the sandbox. Chakra is the JavaScript engine that powers Edge and other Windows apps written in HTML, CSS, and JS.

Hackers with another China-based group, Chaitin Security Research Lab, took down both Ubuntu Linux and Apple’s Safari browser in two attempts on Wednesday. The Linux bug was a heap out-of-bounds access bug in the Linux kernel, which earned the group $15,000.

The Safari bug was a little more involved. The group had to chain together six different bugs, including an information disclosure in Safari, four different type confusion bugs in the browser, and a use-after-free in WindowServer – a component that manages requests between OS X apps and the machine’s graphics hardware – to carry it out. The group was able to achieve root access on macOS through the exploit and earn $35,000.

Wednesday’s other Safari hack, like Chaitin’s, involved chaining together multiple Apple bugs. Two German hackers, Samuel Groß and Niklas Baumstark, Capture the Flag players from the Karlsruhe Institute of Technology, got partial credit for hacking the browser early on the first day.

The two were able to broadcast a special message across a MacBook Pro’s Touch Bar by chaining together five bugs: a use-after-free in Safari, three logic bugs and a null pointer dereference, which allowed them to elevate to root in macOS. Apple has apparently already fixed the use-after-free in a beta version of Safari, hence the partial credit.

Two groups withdrew attacks planned against Windows and Edge on Wednesday, fueling speculation over whether Microsoft’s delayed Patch Tuesday updates broke attack vectors the entrants were planning on using.

Unlike last year, when it was partially broken, it appears Google Chrome will emerge from this year’s Pwn2Own unscathed. There are currently no exploits scheduled against the browser for the competition’s second day today. Tencent’s Team Sniper attempted to break the browser with a SYSTEM-level escalation hack yesterday but couldn’t complete their exploit chain in time.

Given the large number of entrants – 17 – the competition’s sponsors, Trend Micro and Zero Day Initiative, are splitting Pwn2Own’s second day into two tracks. Attacks against Mozilla’s Firefox, both Microsoft Windows and Edge, Apple’s macOS and Safari, and Adobe Flash are on tap for Thursday.

Tags:
information leaks hackers
Source:
Threatpost