SoylentNews is people
SoylentNews
The quartet of Matt Molinyawe, Abdul-aziz Hariri, Jasiel Spelman, and Jason Smith of Trend Micro's Zero Day Initiative vulnerability clearing house detailed and demonstrated the devastating white hat hacks during their presentations at the Black Hat conference in Las Vegas.
They walked delegates through the exploitation steps of the eight successful Pwn2Own hacks pulled off at the Pwn2Own competition in March, recapping the steps and the 21 vulnerabilities which lead to digital goring of Chrome, Safari, Microsoft Edge, Apple OS X, and Adobe Flash.
"The winning submissions to Pwn2Own 2016 provided unprecedented insight into the state-of-the-art techniques in software exploitation" the quartet says in a 65-page technical paper [PDF] published after the talk.
"Every successful submission provided remote code execution as the super user (SYSTEM/root) via the browser or a default browser plug-in … attained through the exploitation of the Microsoft Windows or Apple OS X kernel."
[...] "Application sandboxing is a step in the right direction, but the kernel attack surface remains expansive and exposed," they say. "Each of the winning entries was able to avoid the sandboxing mitigations by leveraging vulnerabilities in the underlying OSs."
Mitigations that isolate access to kernel APIs from sandboxed processes will add hurdles to frustrate future attempts to pop god-mode shells, they say.
Presentation slides are also available as a PDF. ®
(Score: 0) by Anonymous Coward on Monday August 08 2016, @07:48PM
It is either incompetence / laziness driven by the large development teams, or it is a built in on purpose. Perhaps they were lax on sandboxing security because it was easier for testing, or they were lax so that it would be easy to get into any box (for recovery or nefarious reasons). Probably a little bit of both.