Safari exploit successfully demonstrated at Pwn2Own 2018

Discussion in 'other security issues & news' started by Minimalist, Mar 15, 2018.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    https://www.securityweek.com/edge-virtualbox-safari-hacked-pwn2own-2018
     
  3. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Apparently some of the Chrome security devs are joking that Chrome was not allowed to participate this year due to Chrome's Win32k Lockdown mitigation technique being too powerful and ahead of the browser game. Who knows...

    But it would be nice to have seen Chrome be allowed to participate.
     
  5. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    I agree Chrome has the best sandbox and Win32k Lockdown is a big thing to complement the sandbox, but were they really not allowed to participate?
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    It doesn't seem so:
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    When China hoards its hackers everyone loses
    https://www.engadget.com/2018/03/16/chinese-hackers-pwn2own-no-go/
     
  8. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    I can't say for certain, since the developers were joking around for the most part. It could be more likely that the exploit time/cost to exploit the software followed by escaping the sandbox is too much. Most previous Chrome exploits relied on two parts: first exploiting Win32k bug(s), then another combined exploit to escape the sandbox. The Win32k Lockdown is really a sweet addition.
     
  9. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Yes. I believe the old-school approach to a built-in sandbox is best: break the program into several processes to accomplish the principle of least privilege and limit the attack surface (Win32k Lockdown). I think all those overhyped virtualization techniques are weaker, but of course they can also be useful.
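    An added example, not from any post in this thread, showing how a defender can check the Win32k Lockdown state the last two posts describe on the running browser processes: it reads the live process mitigation policy of each PID. chrome.exe is the browser named in the thread; msedge.exe is an assumed extra for comparison, and the script assumes the ProcessMitigations module shipped with Windows 10 1709 and later.

    ```powershell
    # Added example (not from the thread): audit whether running browser
    # processes have the Win32k system-call lockdown mitigation enabled.
    # Assumes Windows 10 1709+ (ProcessMitigations module). Run elevated to
    # read processes owned by other users.

    param(
        # chrome.exe comes from the thread; msedge.exe is an assumed extra.
        [string[]]$ProcessNames = @('chrome.exe', 'msedge.exe')
    )

    function Get-Win32kLockdownState {
        param([Parameter(Mandatory)][System.Diagnostics.Process]$Process)

        # -Id reads the policy of the live process, not the registry default
        # stored for the image name.
        $m = Get-ProcessMitigation -Id $Process.Id -ErrorAction Stop
        [pscustomobject]@{
            Name   = $Process.ProcessName
            Id     = $Process.Id
            Win32k = $m.SystemCall.DisableWin32kSystemCalls   # ON / OFF / NOTSET
        }
    }

    $report = foreach ($name in $ProcessNames) {
        $base = [IO.Path]::GetFileNameWithoutExtension($name)
        Get-Process -Name $base -ErrorAction SilentlyContinue |
            ForEach-Object { Get-Win32kLockdownState -Process $_ }
    }

    $report | Sort-Object Name, Id | Format-Table -AutoSize

    # Chrome applies the lockdown only to its sandboxed renderer processes;
    # the main (broker) process keeps Win32k access, so a healthy install
    # shows a mix of ON and OFF/NOTSET rows. OFF/NOTSET on every PID means
    # the mitigation is not in effect for that browser.
    ```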
     