It is once again proven that there is no secure system: Linux, macOS and Windows fall at Pwn2Own 2020


There is no such thing as a perfect operating system; that has always been said. In fact, this article comes just minutes after another in which we talked about a zero-day vulnerability that was made public a few hours ago. What we have to talk about now is something less serious, since it was at Pwn2Own 2020 that the latest bugs were found in Windows 10, macOS, and Ubuntu. Less serious in theory, because now it is up to the companies to repair the flaws found.

Pwn2Own 2020 was this year's edition of a contest for hackers, one of those that serves them for at least two things: the first is to take the prize money, and the second is to make themselves known to the world, which can help them find a job, sometimes at a large company such as the ones they have just "burst."

Ubuntu was exploited through its kernel at Pwn2Own 2020

As for Linux, it was the Ubuntu operating system that fell, at the hands of the RedRocket CTF team. This team found an LPE (Local Privilege Escalation) exploit that allowed them to gain root access. The team took $30,000 for their exploit. But other teams took a little more money for, in theory, finding more important or more numerous bugs.

The first prize went to the team that found an exploit in Safari through another LPE in the macOS kernel, which affected the browser. The team that discovered it, Georgia Tech Systems Software & Security Lab, took $70,000 for its discovery, mostly because the exploit consisted of a total of six bugs. The team also managed to disable the operating system's SIP (System Integrity Protection).

Somewhat less went to the user known as Fluorescence, a Pwn2Own veteran who used a UAF (use-after-free) bug to escalate to system privileges in Windows. Fluorescence took $40,000. Other software compromised during the contest included VirtualBox, Adobe Reader on Windows and VMware Workstation, although the latter could not be demonstrated and did not win any award. The organizers did manage to exploit the VMware Workstation bug afterwards, so at least they did mention the team that discovered it.

This year's contest was different from previous years: it was held online due to the coronavirus. In any case, it was once again demonstrated that no operating system is safe, just as it is not safe for anyone to go out on the streets at this time. So, once again, we will say two things: stay at home and always keep your operating system well updated.



  1.   01101001b said

    Ubuntu is like Wind*ws. That it gets hacked is an open secret (just google the topic). Its idea of security is to put the lock up high so that the short ones cannot reach it. Since the title said "Linux" I imagined a real Linux.

    Interesting article.

  2.   anonymous said

    Any distro that uses sudo… is doomed… becoming root using the user's password is not good business, whatever they say and whatever they think.