There is no such thing as a perfect operating system. It has always been said. In fact, this article comes just minutes after another in which We talked of a zero-day vulnerability that they made public a few hours ago. What we have to talk about now is something less serious, since it has been in the Pwn2Own 2020 where the latest bugs have been found in Windows 10, macOS, and Ubuntu. Less serious in theory, because now it is the companies that have to repair the faults found.
El Pwn2Own 2020 has been this year's edition of a contest for hackers one of those that serves them for at least two things: the first is to take the prize money, and the second is to make themselves known to the world, which would allow them to find a job that can sometimes make them end up in a large company such as the They just "burst."
Ubuntu was exploited for its kernel in Pwn2Own 2020
As for Linux, it was the operating system Ubuntu the one that fell hand in hand with the RedRocket CTF team. This team found an LPE (Local Privilege Escalation) exploit that allowed them to gain root access. The hacking team took $ 30.000 for their exploit. But other teams took a little more money for, in theory, finding more important or numerous bugs.
The first prize went to the team that found a exploit in Safari by another LPE in the macOS kernel that affected your browser. The team that discovered it, Georgia Tech Systems Software & Security Lab, took $ 70.000 for its discovery, mostly because the exploit consisted of a total of six bugs. The team also managed to disable the SIP (System Integrity Protection) of the operating system.
Somewhat less gained the user known as Fluorescence, a Pwn2Own veteran who used his UAF (use-after-free) bug to gain system scaling privileges in Windows. Fluorescence took $ 40.000. Other software violated during the contest was VirtualBox, Adobe Reader on Windows and VMWare Workstation, although the latter could not be demonstrated and did not win any awards. The organizers did manage to exploit the VMWare Workstation bug in hindsight, so at least they did mention the team that discovered it.
This year's contest was different from previous years: held online due to Coronavirus. In any case, it was once again demonstrated that no operating system is safe, just as it is not safe for anyone to go out on the streets at this time. So, once again, we will say two things: stay at home and keep your operating system always well updated.