“18 Seconds Are Enough to hack microsoft windows 10 browser” — Security Researchers
Brief Info: At PwnFest 2016, security researchers from the Chinese security firm Qihoo 360 and South Korean security researcher JungHoon hacked Windows 10’s Microsoft Edge web browser. One of these hacks took just 18 seconds to complete. The event also witnessed the world’s first attack on VMware Workstation 12.5.1.
If
you are into bug hunting, you might be knowing about PwnFest, a bug
pwning event organized by POC. At this festival, security firms and
hackers target different platforms. The winners receive cash prize and
platform developers get to know about the vulnerabilities in their
software–a win-win situation for both.
At PwnFest 2016, held in
Seoul, hackers from the Chinese security firm Qihoo 360 and South
Korean security researcher JungHoon “Lokihardt” demonstrated two
different hacks that exploited Edge’s vulnerabilities. Out of these two
hacks, one was completed in just 18 seconds. Both won $140,000, The Register reports
The computers were running Windows 10 Anniversary Edition, aka Redstone 1. The exploits were based on system-level remote code execution in the web browser. A system-level attack runs malicious code below the user layer, granting a hacker unfettered powers.
The Qihoo 360 team was working on developing the attack for the past 6 months. However, the team had to revise the code within 30 hours prior to the event as Microsoft patched 3 out of 4 vulnerabilities available for attack.
ALSO READ: ANONYMOUS WARNS THE WORLD ABOUT WORLD WAR III
The event also witnessed the world’s first attacks on VMware Workstation 12.5.1, thanks to another Qihoo 360 team and Lee who won $150,000 for the exploits.
If you are willing to know more about the attacks and how they were performed, you’ll have to wait for some time. The details of the attack and vulnerabilities will be provided first to the vendors.
The computers were running Windows 10 Anniversary Edition, aka Redstone 1. The exploits were based on system-level remote code execution in the web browser. A system-level attack runs malicious code below the user layer, granting a hacker unfettered powers.
The Qihoo 360 team was working on developing the attack for the past 6 months. However, the team had to revise the code within 30 hours prior to the event as Microsoft patched 3 out of 4 vulnerabilities available for attack.
ALSO READ: ANONYMOUS WARNS THE WORLD ABOUT WORLD WAR III
The event also witnessed the world’s first attacks on VMware Workstation 12.5.1, thanks to another Qihoo 360 team and Lee who won $150,000 for the exploits.
If you are willing to know more about the attacks and how they were performed, you’ll have to wait for some time. The details of the attack and vulnerabilities will be provided first to the vendors.
Did you find this story interesting? Don’t forget to drop your feedback in the comments section below.
Reference:fossbytes.com
Comments
Post a Comment