Pwn2Own contest will pay $900,000 for hacks that exploit this Tesla For the first time, foremost hacking competition adds cars to its lineup by Dan Goodin. https://www.zerodayinitiative.com/b...pNrxmneBz96BmGhrNnjZ7VFR9XexUsAv3vxwJAr0bp0v4 https://cansecwest.com
Pwn2Own 2019 Day 2 – Hackers earned $270,000 for Firefox, Edge hacks March 22, 2019 https://securityaffairs.co/wordpress/82711/hacking/pwn2own-2019-day2.html
FYI. Directly related to above, Mozilla has patched Firefox. Security vulnerabilities fixed in Firefox 66.0.1
I wonder of the Firefox exploit would be able to bypass the sandbox without the Windows kernel exploit.
No probably not, that's why they combine it with a Windows kernel exploit. The point of a sandbox is that even when you get remote code execution, malware will still run with limited rights. But on browsers like Chrome and Firefox it gets more and more difficult to find remote code execution bugs, that's why you don't read about them that much anymore. Yes, a bit weird.
Considering Chrome exploits pay larger awards, I can only assume the contestants haven't found a way to hack it.
Don't believe Tesla has that browser at the moment. https://www.businessinsider.com/elon-musk-tesla-web-browser-chromium-2019-3
Thanks JRViejo. Actually, I was thinking they might have included Chromium along with the the other browsers on the day they hacked them
wat0114, you're welcome! Looks like there's no date as to when the Tesla browser will be changed, according to reports, and yes, I don't know why Chrome was not included in their testing this time. Take care.
I had to look for that. It was the infotainment system in the Tesla, so I don't know how that browser compares to the one used on pc's.
The Story of Two Winning Pwn2Own JIT Vulnerabilities in Mozilla Firefox April 18, 2019 https://www.thezdi.com/blog/2019/4/...wn2own-jit-vulnerabilities-in-mozilla-firefox
Will be interesting to read about the sandbox escape. I'm guessing that Sandboxie would have protected against this exploit.