Het MacFreak® Forum - Voor online ondersteuning in het Nederlands!

    Het MacFreak® Forum
     Mededelingen: Tips, nieuwtjes en mededelingen
         Pwn2Own 2017 resultaten
                
Welkom bij Mededelingen: Tips, nieuwtjes en mededelingen 

      Forum gemodereerd door: Moderator  
  Spring naar onderwerp
« Ouder - Nieuwer »  
Onderwerp met 1 pagina
    

       
Pieterr
Niet Aanwezig




Een ware MacFreak!
Aantal berichten: 15112 | Lid sinds: 26-08-2009 | Geplaatst om: 09:05 - 18-03-2017
Erg nerdy, wel fascinerend:

https://en.wikipedia.org/wiki/Pwn2Own

http://blog.trendmicro.com/results-pwn2own-day-three/
http://blog.trendmicro.com/results-pwn2own-2017-day-two/
http://blog.trendmicro.com/results-pwn2own-2017-day-one/

 
Citaat:
Next up, Samuel Groß and Niklas Baumstark earned some style points by leaving a special message on the touch bar of the targeted Mac. They employed a use-after-free (UAF) in Safari combined with three logic bugs and a null pointer dereference to exploit Safari and elevate their privileges to root in macOS. Unfortunately, the UAF had already been corrected in the beta version of the browser, but this bug chain still netted them a partial win, garnering them $28,000 and 9 Master of Pwn points.

 
Citaat:
The day in Track B started with Tencent Security – Team Shield deciding to withdraw their attempt to exploit Apple macOS.

Conversely, the team from 360 Security didn’t waste any time by demonstrating a successful elevation of privilege on Apple macOS. They used an info leak and race condition in the kernel. In doing so, they garnered $10,000 and 3 more points for Master of Pwn.

Not waiting around, the 360 Security came right back to successfully exploit Apple Safari through an integer overflow and then escalated to root using a macOS kernel UAF. This earned them another $35,000 and 11 more Master of Pwn points.

Following them, the Chaitin Security Research Lab succeeded by performing an elevation of privilege in macOS through an info leak and OOB bug in the macOS kernel. In doing so, they netted $10,000 and 3 more Master of Pwn points.

The next entry in Track B ended in disqualification as the Tencent Security – Sword Team targeted Apple macOS with bugs already reported and known to vendor.




"One experiment is worth a thousand expert opinions."

anraadts
Niet Aanwezig




MacFreak Verslaafde
Aantal berichten: 539 | Lid sinds: 26-11-2015 | Geplaatst om: 09:38 - 18-03-2017

 
Citaat: Pieterr om 9:05, 18-03-2017
earned some style points by leaving a special message on the touch bar of the targeted Mac.


"style points", inderdaad erg nerdy!   

       

Spring naar onderwerp
« Ouder - Nieuwer »
Onderwerp met 1 pagina

MF-Forum v6.0.0 © 2001/2013 - MacFreak® Interactive Media