SoylentNews is people
SoylentNews
Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
[...] "We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."
[...] Any hack that can break out of a widely used virtual machine is generally considered significant. The one described Friday is made all the more impressive because it works by exploiting Edge, which is regarded among security professionals as one of most challenging browsers to exploit. Typically, such remote-code exploits require two or more vulnerabilities to be exploited in unison. The requirement appears to be why the Qihoo team combined the heap overflow exploit with the Windows kernel hack. The description sets up a scenario in which malicious websites can not only compromise a visitor's virtual machine, but also the much more valuable host machine the VM runs on. At last year's Pwn2Own, contestants didn't attempt to target VMWare, an indication reliable exploits were probably worth more than the $75,000 prize that was offered at the time.
Friday's success underscores the central theme of Pwn2Own, that no operating system or application is immune to hacks that thoroughly compromise its security.
Source: ArsTechnica
(Score: 0) by Anonymous Coward on Tuesday March 21 2017, @08:19AM (1 child)
Virtualizatoion is great for streamlining management, but I always laugh when people suggest that it increases security. Back when VMware ESX came out, in the first test build I did, I saw it leaking ethernet packets between virtual interfaces. I'm sure VMware is working hard to keep things secure, but I still don't trust them more than I would Microsoft. Compartmentalization may give the impression of isolation, but you have to be able to trust the hypervisor to actually keep everything separate. In the end, the additional complexity of running within a hypervisor negates the security benefits of having simplified each individual guest. It is an additional attack surface, and NOT an extra layer in your defence-in-depth.
(Score: 0) by Anonymous Coward on Tuesday March 21 2017, @11:04AM
It is another layer, because AFAIU if you break out of the virtual machine, you're still at the user level of the host OS under which the VM runs, so you've got to do another exploit to completely take over the machine. Say you need to use software that only runs on Windows, then you can run Windows in a VM and use Linux as the underlying operating system, and the hacker who manages to compromise Windows and the VM still has not compromised your complete system. Moreover since the number of tasks you actually do on the host OS is rather limited, you can crank up the security measures (like SELinux) to the maximum on the host OS without actually affecting usability too much.