檔案狀態:    住戶編號:2321069
 ac 的日記本
快速選單
到我的日記本
看他的最新日記
加入我的收藏
瀏覽我的收藏
李永得:台北戒嚴了? 《前一篇 回她的日記本 後一篇》 桃園區40多萬人口沒有電影院
 切換閱讀模式  回應  給他日記貼紙   給他愛的鼓勵  檢舉
篇名: 微軟新瀏覽器最易被駭
作者: ac 日期: 2017.03.22  天氣:  心情:
Microsoft Edge: Most Hacked Browser At Pwn2Own 2017

微軟新瀏覽器,Microsoft Edge,最易被駭。

by Lucian Armasu March 20, 2017 at 10:25 AM - Source: Zero Day Initiative

The Pwn2Own 2017 hacking contest, which celebrated its 10th anniversary, concluded after three days in which security teams hacked away at browsers and operating systems. Microsoft’s Edge seems to have been hit the hardest, while Chrome remained unhackable during the contest.

Microsoft Losing Its Edge

Microsoft created the Edge browser by rewriting most of it from scratch (some parts were forked from Internet Explorer). The company’s goal was to have a browser that’s much more secure and that can keep up with Chrome and Firefox when it comes to supporting the latest web standards. Edge even implemented sandboxing technologies that were similar to what Chrome was using, which put it ahead of Firefox, which is still trying to play catch-up in this regard.

However, despite these improvements in code cleanness and security technologies, it hasn’t quite proven itself when faced with experienced hackers at contests such as Pwn2Own. At last year’s edition of Pwn2Own, Edge proved to be a little better than Internet Explorer and Safari, but it still ended up getting hacked twice, while Chrome was only partially hacked once.
Things seem to have gotten worse, rather than better, for Edge. At this year’s Pwn2Own, Microsoft’s browser was hacked no less than five times.

On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit.
On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge.

However, Team Lance (Tencent Security) successfully exploited Microsoft’s browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well.

http://www.tomshardware.com/news/pwn2own-2017-microsoft-edge-hacked,33940.html
標籤:
瀏覽次數:273    人氣指數:473    累積鼓勵:10
 切換閱讀模式  回應  給他日記貼紙   給他愛的鼓勵 檢舉
給本文愛的鼓勵:  最新愛的鼓勵
李永得:台北戒嚴了? 《前一篇 回她的日記本 後一篇》 桃園區40多萬人口沒有電影院
 
給我們一個讚!