SoylentNews

Fnord666 writes:

Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.

[...] "We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."

[...] Any hack that can break out of a widely used virtual machine is generally considered significant. The one described Friday is made all the more impressive because it works by exploiting Edge, which is regarded among security professionals as one of most challenging browsers to exploit. Typically, such remote-code exploits require two or more vulnerabilities to be exploited in unison. The requirement appears to be why the Qihoo team combined the heap overflow exploit with the Windows kernel hack. The description sets up a scenario in which malicious websites can not only compromise a visitor's virtual machine, but also the much more valuable host machine the VM runs on. At last year's Pwn2Own, contestants didn't attempt to target VMWare, an indication reliable exploits were probably worth more than the $75,000 prize that was offered at the time.

Friday's success underscores the central theme of Pwn2Own, that no operating system or application is immune to hacks that thoroughly compromise its security.

Source: ArsTechnica

Original Submission