Hackers cook god-mode remote exploits against Edge, VMware in world-first

[Batu69]

PwnFest fells first tech giants – Google Pixel, Adobe next in line

Power of Community Hackers have twice completely compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first time twice broken VMWare Workstation without user interaction.

 

The bugs landed via SYSTEM-level remote code execution while the second VMware hacks could also be performed remotely.

The four hacks were demonstrated at the PwnFest 2016 event held at the Power of Community security conference in Seoul on Thursday, with details to be provided to vendors and kept under wraps.

 

It is a run of hacks against major platforms including the new Google Pixel running Android version 7 (Nougat), Adobe Flash via Microsoft Edge on Windows 10 Red Stone 1, and Apple Safari on MacOS Sierra.

 

Junghoon Lee, aka LokiHardt, shows his successful Edge exploit.

 

A team at Beijing vulnerability firm Qihoo 360 successfully popped Edge on Windows 10, as did highly talented South Korean hacker Lokihardt, the latter's exploit being successful after only 18 seconds.

 

Both earned $140,000 for gaining SYSTEM-level code execution on Windows Edge.

Another Qihoo hacker team and Lee both compromised VMware Workstation 12.5.1 in the world's first attacks against the platform, bagging $150,000 for the exploits. As both were by coincidence identical, Lee offered a second undisclosed bug to earn the cash reward.

 

The Qihoo team told Vulture South that it took six months from March to brew the trio of chained vulnerabilities including a possible use-after-free, confirmed out-of-boundary read, and out-of-boundary write exploits.

 

Qihoo had about 30 hours to rework their Edge bug after Microsoft squashed three of their four vulnerabilities in its Patch Tuesday run just before the event.

The Register will report on successful hacks throughout the two-day conference.

 

The hacking teams should be expected to succeed.

 

Article source

[straycat19]

Another example of the 'Best Windows Ever' isn't any better than any of the previous versions and maybe worse since they have written so much new code and thus have thousands of possible exploits available that weren't there before.  So much for Edge.  Back to the old Windows again, patch, patch, patch and still not secure.

[Cypher3927]

5 hours ago, straycat19 said:

Another example of the 'Best Windows Ever' isn't any better than any of the previous versions and maybe worse since they have written so much new code and thus have thousands of possible exploits available that weren't there before.  So much for Edge.  Back to the old Windows again, patch, patch, patch and still not secure.

In my opinion, it is the best Windows ever. It looks better, works better, provides a lot of useful functionality, is a lot more secure and there's added value in free upgrades that are consistently released bringing with them new capabilities and features. I've had considerably less problems on this iteration compared to all the bullshit I've had to deal with on every single version that came before. Is it perfect? Certainly not, nothing ever is. Microsoft's approach to updates certainly leaves a lot to be desired but Windows has come a long way and considering that it's the most used operating system by a long shot, exploits are to be expected. When you objectively look at the situation, it's quite a feat that it's as secure as it is. Also Edge is actually one of the safest browsers and it's relatively new compared to other options such as Chrome, Firefox and Opera that have been available for many years and are still exploited on a regular basis. However, people will continue to complain because that's what the human race really excels at.