At PwnFest 2016, security researchers from the Chinese security firm Qihoo 360 and South Korean security researcher JungHoon hacked Windows 10’s Microsoft Edge web browser. One of these hacks took just 18 seconds to complete. The event also witnessed the world’s first attack on VMware Workstation 12.5.1.
If you are into bug hunting, you might be knowing about PwnFest, a bug pwning event organized by POC. At this festival, security firms and hackers target different platforms. The winners receive cash prize and platform developers get to know about the vulnerabilities in their software–a win-win situation for both.
At PwnFest 2016, held in Seoul, hackers from the Chinese security firm Qihoo 360 and South Korean security researcher JungHoon “Lokihardt” demonstrated two different hacks that exploited Edge’s vulnerabilities. Out of these two hacks, one was completed in just 18 seconds. Both won $140,000, The Register reports.
The computers were running Windows 10 Anniversary Edition, aka Redstone 1. The exploits were based on system-level remote code execution in the web browser. A system-level attack runs malicious code below the user layer, granting a hacker unfettered powers.
The Qihoo 360 team was working on developing the attack for the past 6 months. However, the team had to revise the code within 30 hours prior to the event as Microsoft patched 3 out of 4 vulnerabilities available for attack.
The event also witnessed the world’s first attacks on VMware Workstation 12.5.1, thanks to another Qihoo 360 team and Lee who won $150,000 for the exploits.
If you are willing to know more about the attacks and how they were performed, you’ll have to wait for some time. The details of the attack and vulnerabilities will be provided first to the vendors.