Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday August 08 2016, @03:33PM   Printer-friendly
from the be-safe-out-there dept.

The quartet of Matt Molinyawe, Abdul-aziz Hariri, Jasiel Spelman, and Jason Smith of Trend Micro's Zero Day Initiative vulnerability clearing house detailed and demonstrated the devastating white hat hacks during their presentations at the Black Hat conference in Las Vegas.

They walked delegates through the exploitation steps of the eight successful Pwn2Own hacks pulled off at the Pwn2Own competition in March, recapping the steps and the 21 vulnerabilities which lead to digital goring of Chrome, Safari, Microsoft Edge, Apple OS X, and Adobe Flash.

"The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state-of-the-art techniques in software exploitation" the quartet says in a 65-page technical paper [PDF] published after the talk.

"Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plug-in … attained through the exploitation of the Microsoft Windows or Apple OS X kernel."

[...] "Application sandboxing is a step in the right direction, but the kernel attack surface remains expansive and exposed," they say. "Each of the winning entries was able to avoid the sandboxing mitigations by leveraging vulnerabilities in the underlying OSs."

Mitigations that isolate access to kernel APIs from sandboxed processes will add hurdles to frustrate future attempts to pop god-mode shells, they say.

Presentation slides are also available as a PDF. ®


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Nerdfest on Monday August 08 2016, @06:09PM

    by Nerdfest (80) on Monday August 08 2016, @06:09PM (#385398)

    I was under the impression that address randomization, etc, was generally weaker in Linux, but that information may be out of date. Far be it for me to read TFA, but they may not have actually even tried those two environments. Regardless, I think the vast majority of the responsibility for this is in the browser, as one of its major requirements is to isolate the web from the OS, which in these cases it has failed at.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by pkrasimirov on Monday August 08 2016, @06:21PM

    by pkrasimirov (3358) Subscriber Badge on Monday August 08 2016, @06:21PM (#385404)

    Rooting a system is not that big of an advantage. I mean they can spy online activity, read credit card info, read passwords, put adware, participate in DDoS attacks, proxy for someone, read user files from disk etc. With root they can also install drivers.

    • (Score: 2) by Nerdfest on Monday August 08 2016, @06:35PM

      by Nerdfest (80) on Monday August 08 2016, @06:35PM (#385409)

      ... and this comment is relevant because?

  • (Score: 2) by frojack on Monday August 08 2016, @11:54PM

    by frojack (1554) on Monday August 08 2016, @11:54PM (#385550) Journal

    It may be less robust, but if so that failed to yield an advantage, apparently.

    There's more to breaking out of a sandbox than beating address randomization.

    --
    No, you are mistaken. I've always had this sig.