Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: "pwned by niklasb and saelo."
Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."
>>59476574
I feel like those chicks smell really bad
>>59476574
All of these get hacked every day
>>59476578
>chicks
root@god ~ # pacman -Qe vmware
error: package 'vmware' was not found
root@god ~ # uname -r
4.10.3-1-ARCH
Guess I'm safe.
>>59476600root@god ~ # pacman -Qe virtualbox
virtualbox 5.1.18-1
Virtualbox is better anyway
>>59476574
Why do these people show these exploits at conferences instead of reporting or even selling them and getting potentially tens of thousands of dollars?
>>59476614
Reputation?
They realize getting a good reputation can lead to better employment/investors in the future.
>>59476626
But they get the same level of recognition (or maybe even better) when reporting them.
http://m.gadgetsnow.com/tech-news/Bengaluru-hacker-finds-Facebook-bug-awarded-Rs-10-lakh/articleshow/51312961.cms
Who fucking cares.
>>59476655
I guess they must enjoy large conferences where they can meet other people.
>>59476658
We do apparently. Back to >>>/out/ faggot
>>59476614
What makes you think they didn't report them?
>>59476670
No we don't. Back to >>>/r/eddit/ retard
>>59476729
Somebody needs a hug
>>59476614
Unless it's bug bounty you hold on to it and hope for a job I guess.
>>59476607
>virtualbox
>not dogshit
pick one.
>>59476737
Somebody needs a cure for their down syndrome.
>>59476778
You seem very upset, anon-kun. Would you like a hug from my waifu? (that's all you'll get unless you pay me haha kidding hahaha or am I haha lol)
>>59476778
>being this butthurt about something you purportedly didn't care
>>59476763
at least it's opensource
t.qemufag
>>59476614
>tens of thousands of dollars
Hrm... you know what's nicer than 5 figures?
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
6 figures.
>>59476574
>VMware Hacked
No one cares that it was workstation. There is a reason they didnt attempt this with ESXi - http://www.vmescape.com
>>59476574
old linux kernel 4.8 patch incoming in 3..2..1
>physical access
>>59476574
>leveraged
used
>>59476574
HAHAHAHAHA! OPEN SORES KEKS BTFO ONCE AGAIN!
>>59477892
>Edge
Botnet
>VMWare
Botnet
>Safari
Botnet
>Ubuntu
Botnet
Explain to me how you think these are open source. Fucking retard.
>>59476574
Good thing I use KVM.
Thank god, VirtualBox is safe. I need virtualization software.
>>59478021
It exploited the linux kernel.
>>59478059
Open sores is insecure by design.
>>59478059
An outdated one. Fucking Ubuntu can't even 4.10
>>59478070
Debian stable still runs 3.16 kek.
>>59478106
>Debian
Botnet
>>59478120
Whats not a botnet?
>>59478171
Gentoo/Arch with OpenRC
It might have exploited the Linux kernel, but the only thing that's actually really vulnerable was Windows the Edge exploits, that can be triggered via simply visiting a website -- for Linux it was actually needed to somehow have shell access to the target machine or be able to execute code on it.
So think again about what is more secure.
>>59478191
Phew, I dodged a bullet there. Thanks mate.
>>59478202
Nice try cocksucker
>>59478213
I never said I was the other guy.
>>59476574
what a cringey comic, thats some tumblr tier shit you got on your hardrive faggot.
>>59478222
You were badly impersonating him and you know it. Fucking loser.
>>59478066
>Open sores is insecure by design.
I see youuu!
https://youtu.be/rRm0NDo1CiY
>>59478237
There's no reason to expect the same person to reply to you every single time. That's not how this site works.
>>59478273
You were acting as if I'd given you the advice so fuck off. The advice was for him explicitly, bitch.
>>59478282
No, the advice was for everyone reading the thread.
>>59478289
Shut the fuck up, Donny
https://www.youtube.com/watch?v=pqDhKFqDk34
>>59476600
>>59476607
>not qemu
>>59478321
Qemu? More like queef eww
>>59476574
Not hacked: seL4.
>>59476607
>Virtualbox is better anyway
it's fucking garbage.
>>59476574
>4.8 Kernel
lel
Update your software, retards.
>>59476584
chicks(dudes)
>>59476860
>windows builtin browser
Selling an Edge 0day on the black market would fetch more, simply because of the massive amount of users on Windows and at least part of them using Edge.
>>59476574
"In addition to the Ubuntu Linux attack target, the Pwn2Own 2017 event alsIn addition to the Ubuntu Linux attack target, the Pwn2Own 2017 event also listed Apache Web Server running on Ubuntu 16.10 Linux as a potential target, with a prize of $200,000 for a successful exploit. Dustin Childs, director of communication for ZDI, told eWEEK that no one has registered to take aim at the Apache/Ubuntu targeto listed Apache Web Server running on Ubuntu 16.10 Linux as a potential target, with a prize of $200,000 for a successful exploit. Dustin Childs, director of communication for ZDI, told eWEEK that no one has registered to take aim at the Apache/Ubuntu target"
The kernel get a huge update on march 8, so maybe not fixed yet.
>>59476574
sauce on the article?
>nobody gives a shit about your fucking hentai