$hell on Earth: From Browser Hacking to System Compromise
Pwn2Own is all about owning systems/devices—a test of technical skill to see who the best hacker is.
This year’s winning submissions showed who can get super-user (SYSTEM/root) privileges by compromising the security of browsers/browser plug-ins. Seven of eight entries targeted kernel weaknesses, regardless of OS; Apple and Microsoft were successfully owned. Among browser makers, Google fared best—being successfully exploited only once via an attack that abused a previously and independently reported vulnerability.
More than underscoring the state of browser security, however, the successful hacking attempts highlighted a serious security issue—how browsers and browser plug-ins can be used as effective attack vectors. As unknown vulnerabilities surface after every Pwn2Own contest, vendors can only up their game by having security in mind from the time they decide to create products. Vendors can use the proofs of concept that contestants use to improve their products’ security.
For a detailed look at the Pwn2Own 2016 revelations, read $hell on Earth: From Browser to System Compromise.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale