Windows 10 gets hacked (twice) at Pwn2Own, along with macOS and Ubuntu
Hackers punished the major desktop platforms – but not mobile operating systems
Pwn2Own witnessed hackers defeating the security of not just Windows 10, but also macOS and Ubuntu – all on the very first day.
Due to the coronavirus outbreak, the big hacking event was held with all those involved participating remotely – with their exploits prepared in advance – rather than in Vancouver as is usually the case (as part of the CanSecWest security conference).
- Windows 10 sucks – can Linux save us all?
- How to use Windows 10
- macOS 10.16 release date, news and rumors
As to the specifics, Windows 10 was hacked by Flourescence, leveraging a use-after-free (memory corruption) bug to get escalated system privileges, which earned a cool $40,000 (around £34,000, AU$68,000).
It was double trouble for Windows 10 as Microsoft’s operating system also came a cropper with another (different) use-after-free vulnerability demonstrated by team Fluoroacetate, which was again worth $40,000 (around £34,000, AU$68,000).
If that name rings a bell, that’s because Fluoroacetate exploited a vulnerability in Tesla’s in-car browser at Pwn2Own last year, which earned them one of the electric cars as well as a ton of prize money: $375,000 (around £320,000, AU$635,000), in fact.
Safari slip
When it came to macOS this year, that was punished through the Safari web browser, with escalation of privileges achieved via six different vulnerabilities – with a resulting payout of $70,000 (around £60,000, AU$120,000).
And it was the RedRocket CTF team which defeated Ubuntu’s security with a local privilege escalation exploit via an input validation bug in the Ubuntu kernel, which earned them $30,000 (around £26,000, AU$50,000).
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
Other victims followed after day one, unsurprisingly, including Adobe Reader on Windows, VMWare Workstation and VirtualBox, all of which were successfully exploited.
The idea, of course, is that with these security holes pointed out, developers can then fix them before they are actually exploited for nefarious means in the wild.
What about mobile platforms? Interestingly there were no victories for the hackers against the big mobile operating systems this time around, with Android and iOS coming away unscathed. Furthermore, Tesla wasn’t troubled by the hackers this year, either.
- Windows 10 is falling apart – so it’s a great time to get a Chromebook
- Stay safer on Windows 10 with the best PC VPN
Via Wccftech
Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).