At Pwn2Own hacking contest was successfully hacked Chrome, Firefox, IE 10, Java, Win 8
The first day of competition Pwn2Own, held each year at the conference CanSecWes, proved fruitful as ever - were demonstrated working industry practices previously unknown vulnerabilities in Chrome, Firefox, IE 10, Windows 8 and Java. In all cases, the attack was carried out in the processing in the browser specially decorated web-pages, the opening of which ended with complete control over the system. When demonstrating the attack relies on the most recent stable releases of browsers and operating systems Windows 7, 8 and Mac OS X Mountain Lion with all available updates in the default configuration.
In accordance with the terms of the tender, the detailed information of all the demonstrated 0-day vulnerabilities will be published only after the release of the manufacturers updates with the removal of these vulnerabilities. Part of the success of this year's Pwn2Own is associated with a significant increase in the amount of remuneration. For example, for the demonstration of hacking Chrome browser will be paid compensation of 100 thousand dollars for hacking IE - 75,000 dollars for hacking Firefox - 60 thousand dollars for hacking Safari - 65 thousand dollars, for breaking through the IE plug-in Adobe Reader XI - 70,000 dollars for breaking plugins for Adobe Flash and Java on 20 thousand dollars. At the same time the competition will be held adjacent Pwnium, which will be offered to break the Chrome OS on the device Samsung Series 5550 Chromebook. The total prize fund will Pwnium 3.14159 million and the maximum amount of compensation - 150 thousand dollars.
As far as technique is demonstrated hacking, for Firefox 19 has been exploited by a new vulnerability with reference to already freed memory area (use-after-free), in combination with new techniques bypass any additional security mechanisms of the operating system Windows 7, such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization). Hacking Windows 8 was shown on the tablet Surface Pro through the exploitation of two 0-day vulnerabilities in Internet Explorer 10 and the new technique of going beyond sandbox. The attacks have been demonstrated in the company Vupen Security. Java plug-in has been successfully attacked by three different bidders representing companies Accuvant Labs, Contextis and Vupen, through the exploitation of vulnerabilities, leading to a possible heap overflow.
Hacking Chrome showed Nils and Jon Butler, researchers from companies MWRLabs. For attacks on Chrome prepared multilevel working exploit, using 0-day vulnerabilities in the operating system to bypass sandbox restrictions, combined with the vulnerability of the rendering process in the browser. Bypass sandbox was organized through the exploitation of vulnerabilities in the kernel, allowing execution of code outside an isolated environment with system privileges Windows. ALSR used to bypass a leak of some addresses in pamtyati, which was calculated by the base address of a system DLL. To bypass DEP of DLL was read and converted to a string of JavaScript content segment. Text, from which we calculated an address for ROP (Return-Oriented Programming).
According to the researchers who participated in the competition from the company Vupen, by engaging additional security mechanisms to develop exploits began to take much more time, for example if the previous contests exploit could write for a week, but now the search uyazuimosti and writing the exploit was spent several months. Separately, the improvements of Adobe in terms of strengthening the security of Flash-plugin and the rapid release of updates, if before the exploitation of vulnerabilities in Flash was the main source of malicious software, it is now the laurels went to the plugin Java.
Write an exploit for Flash, with the introduction of sandbox-isolated, it became much more difficult and expensive than pldagina exploit for Java, which is enough to attack a flaw without having to develop workarounds sandbox. Change the situation, Oracle can only radically redesigned security architecture Java, without the 0-day exploits will appear more and more often. The most difficult to carry out an attack is called a browser Chrome, overcoming a multilevel security system that promises a lot of difficulties, and developers not only eliminate existing vulnerabilities, and develop techniques to prevent attacks and blocking techniques bypass sandbox. A weakness of Chrome called Webkit.
On the first day of competition was not broken browser Safari surrounded by Mac OS X, presumably participants will have saved the working methods of attack for the next day, which for hacking Safari on iOS is assigned a much higher reward.
Link: Chrome, Firefox, IE 10, Java, Win 8 fall at Pwn2own hackfest
No comments:
Post a Comment