The View from DVLabs – Pwn2Own 2017

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing) | Date: Wed, 15 Mar 2017 22:36:06 +0000

This blog will be updated throughout the competition so keep tracking for the latest updates!

A global outbreak of bigger bugs. Badder bugs. And they’re threatening the world as we know it. Yes, it sounds like a poorly-written trailer for the next summer blockbuster alien invasion movie, but in truth, it’s a reality we’ll face yet again this year. We are back in Vancouver, B.C. for the 2017 Pwn2Own competition run by the Trend Micro TippingPoint Zero Day Initiative. We are looking at an unprecedented 30 entries this year, well above anything we’ve seen from previous competitions. Especially exciting are the entrants in the VMware escape category, where we may see exploits, not normally seen against the virtual machine, that allow an attacker to break out of a VM environment and control the host.

The TippingPoint DVLabs team is onsite as usual, meeting with each of the hacking teams and dissecting the code and exploits in order to provide zero-day filters for all remotely exploitable vulnerabilities. One of the questions we get is: What’s the point of covering these vulnerabilities if only one hacker is attempting to exploit them? Well, you only have to look at the success of the patches from vendors this year for the answer. Just before Pwn2Own commences each year, almost all vendors furiously issue patches to attempt to minimize the number of successful exploits. Once again, we saw a series of likely defensive submissions from contestants, aimed at “burning” or eliminating zero-days that other teams could use to win the competition. What this tells us is that multiple researchers have found similar zero-day vulnerabilities. We can expand this concept to assume the bad guys have found some of these bugs as well and will use them before they are patched out, if they’re not using them already. This is where you see the power of DVLabs and our Digital Vaccine filter set. By providing “virtual patches” for these extremely dangerous and prolific vulnerabilities, our customers are uniquely protected until vendors can build and release a patch, and maintenance windows can be scheduled for impacted systems to be remedied.

Keep following this post for updates, including upcoming Digital Vaccine coverage for all of the network-exploitable vulnerabilities seen over this hectic three-day hackfest!

Day 1: March 15, 2017

| Time (PDT) | Team | Target | Successful? | Upcoming Digital Vaccine Coverage? |
|---|---|---|---|---|
| 10:00 am | 360 Security (@mj0011sec) | Adobe Reader | Yes | Yes (ZDI-CAN-4575) |
| 11:30 am | Samuel Groß (@5aelo) and Niklas Baumstark (@_niklasb) | Apple Safari with an escalation to root on macOS | Partial Win | Yes (ZDI-CAN-4578) |
| 1:00 pm | Tencent Security – Team Ether | Microsoft Edge | Yes | N/A |
| 2:00 pm | Chaitin Security Research Lab (@ChaitinTech) | Ubuntu Desktop | Yes | Local Only |
| 3:30 pm | Tencent Security – Team Ether | Microsoft Windows | No | N/A |
| 5:00 pm | Ralf-Philipp Weinmann | Microsoft Edge with a SYSTEM-level escalation | | |
| 6:00 pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) | Google Chrome with a SYSTEM-level escalation | | |
| 7:30 pm | Tencent Security – Team Sniper (Keen Lab and PC Mgr) | Adobe Reader | | |
| 8:30 pm | Chaitin Security Research Lab (@ChaitinTech) | Apple Safari with an escalation to root on macOS | | |
| 10:00 pm | Richard Zhu (fluorescence) | Apple Safari with an escalation to root on macOS | | |
