>Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
>escape virtual machine
>escape
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
>"We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."
>>59507660
>windows 10
so 7 is safe?
closed source btfo
>>59507660
>Microsoft's heavily fortified Edge browser
My sides. . . .
>>59508483
It's considered that because it's closed source and no one really knows what's going on in there.
>>59507660
>vm escape
Now those are a rare sight nowadays.
>>59508483
This.
>>59507660
>only $105k
Shoulda sold it to china or the CIA or some shit for $10 million.
>VMware has a vulnerability
>HAHAHA MICROSOFT IS FINISHED!!!
>>59508570
Who is this cum chum
>>59508557
You'd never get that kind of money.
>>59508595
Ai-chan, virtual YouTuber shit.
>>59508557
They could have gotten more. Not millions though.
>>59507660
>hardware simulation bug within VMware
M$ status: utterly BTFO.
>vm escape
>people laughing at Microsoft
lads
>>59508570
>>59508998
>>59509478
>Reading comprehension
It's a daisy-chain of three vulnerabilities:
Edge code execution vuln -> privilege escalation to Win 10 kernel space code execution vuln (ouch) -> VMware vuln
>>59509542
I know
I'm pointing out the vm escape, not the browser vuln
>>59509542
>OS thing
>ouch
>VM escape isn't out
I hate Microsoft's non-LTSB versions of Windows 10 as much as anybody else, but the true concern here is a VM escape. That shit should not be happening and I can guarantee you that VMWare is firing whoever is responsible for allowing that to happen.