The quartet of Matt Molinyawe, Abdul-aziz Hariri, Jasiel Spelman, and Jason Smith of Trend Micro's Zero Day Initiative vulnerability clearing house detailed and demonstrated the devastating white hat hacks during their presentations at the Black Hat conference in Las Vegas.
They walked delegates through the exploitation steps of the eight successful Pwn2Own hacks pulled off at the Pwn2Own competition in March, recapping the steps and the 21 vulnerabilities which lead to digital goring of Chrome, Safari, Microsoft Edge, Apple OS X, and Adobe Flash.
"The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state-of-the-art techniques in software exploitation" the quartet says in a 65-page technical paper [PDF] published after the talk.
"Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plug-in … attained through the exploitation of the Microsoft Windows or Apple OS X kernel."
[...] "Application sandboxing is a step in the right direction, but the kernel attack surface remains expansive and exposed," they say. "Each of the winning entries was able to avoid the sandboxing mitigations by leveraging vulnerabilities in the underlying OSs."
Mitigations that isolate access to kernel APIs from sandboxed processes will add hurdles to frustrate future attempts to pop god-mode shells, they say.
Presentation slides are also available as a PDF. ®
(Score: 2) by Scruffy Beard 2 on Monday August 08 2016, @04:02PM
So software as munitions snuck up on me without me noticing:
Not sure why the article ends with a registered trademark symbol. I wonder if they meant to use the Copyright symbol.
(Score: 2) by Gravis on Monday August 08 2016, @04:23PM
it's The Register , they do that shit for everything.
(Score: 2) by Scruffy Beard 2 on Monday August 08 2016, @04:26PM
For more information, I suggest going to the source [wassenaar.org].
(Score: 2) by Scruffy Beard 2 on Monday August 08 2016, @04:35PM
Category 5, Part 2 starts with the note:
Does that imply there is nothing to worry about?