At PwnFest 2016, hackers compromised Windows 10’s Microsoft Edge web browser in just 18 seconds and devised the first attack on VMware Workstation 12.5.1.
This week, at the PwnFest 2016 contest held at the Power of Community security conference in Seoul, hackers compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first time demonstrated how to hack VMware Workstation 12.5.1. without user interaction.
The security experts will report details of the attacks to vendors avoiding to disclose them before a fix will be released.
At PwnFest 2016, researchers from the Chinese security firm Qihoo 360 and South Korean security researcher JungHoon hacked in just 18 seconds the Windows 10’s Microsoft Edge web browser.
The hackers devised a method to launch system-level attacks that in the case of VMware hacks could be also performed remotely.
The researchers demonstrated a total of four hacks targeting the new Google Pixel running Android version 7 (Nougat), Adobe Flash via Microsoft Edge on Windows 10 Red Stone 1, and Apple Safari on MacOS Sierra.
The hackers earned $140,000 for the Windows Edge hacks, while Qihoo hacker team and Lee earned $150,000 for the hack of the VMware Workstation 12.5.1.
The Qihoo team confirmed to have spent six months to discover three vulnerabilities that were chained to hack the systems. The chained flaws including a possible use-after-free, confirmed out-of-boundary read, and out-of-boundary write exploits.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.