Windows 10 gets hacked (twice) at Pwn2Own, along with macOS and Ubuntu
Hackers punished the major desktop platforms – but not mobile operating systems
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Pwn2Own witnessed hackers defeating the security of not justWindows 10, but also macOS and Ubuntu – all on the very first day.
Due to the coronavirus outbreak, the big hacking event was held with all those involved participating remotely – with their exploits prepared in advance – rather than in Vancouver as is usually the case (as part of the CanSecWest security conference).
As to the specifics,Windows 10was hacked by Flourescence, leveraging a use-after-free (memory corruption) bug to get escalated system privileges, which earned a cool $40,000 (around £34,000, AU$68,000).
It was double trouble for Windows 10 asMicrosoft’soperating systemalso came a cropper with another (different) use-after-free vulnerability demonstrated by team Fluoroacetate, which was again worth $40,000 (around £34,000, AU$68,000).
If that name rings a bell, that’s because Fluoroacetateexploited a vulnerability in Tesla’s in-car browserat Pwn2Own last year, which earned them one of the electric cars as well as a ton of prize money: $375,000 (around £320,000, AU$635,000), in fact.
Safari slip
When it came tomacOSthis year, that was punished through theSafariweb browser, with escalation of privileges achieved via six different vulnerabilities – with a resulting payout of $70,000 (around £60,000, AU$120,000).
And it was the RedRocket CTF team which defeated Ubuntu’s security with a local privilege escalation exploit via an input validation bug in the Ubuntu kernel, which earned them $30,000 (around £26,000, AU$50,000).
Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.
Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.
Other victims followed after day one, unsurprisingly, includingAdobeReader on Windows, VMWare Workstation and VirtualBox, all of which were successfully exploited.
The idea, of course, is that with these security holes pointed out, developers can then fix them before they are actually exploited for nefarious means in the wild.
What about mobile platforms? Interestingly there were no victories for the hackers against the big mobile operating systems this time around, with Android and iOS coming away unscathed. Furthermore, Tesla wasn’t troubled by the hackers this year, either.
ViaWccftech
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - ‘I Know What You Did Last Supper’ - was published by Hachette UK in 2013).
Alt + Tab trouble: Windows 11’s 24H2 update turns time-saving shortcut into ten-second headache
Windows 11’s Paint and Notepad apps are getting smart new AI features – though one of the best will be for Copilot+ PCs only
Huge Black Friday Samsung sale: save up to $1,900 on QLED, OLED TVs, and more
