Hackers compromised Microsoft Edge is just 18 seconds

At PwnFest 2016, hackers compromised Windows 10’s Microsoft Edge web browser in just 18 seconds and devised the first attack on VMware Workstation 12.5.1.

This week, at the PwnFest 2016 contest held at the Power of Community security conference in Seoul, hackers compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first time demonstrated how to hack VMware Workstation 12.5.1. without user interaction.

The security experts will report details of the attacks to vendors avoiding to disclose them before a fix will be released.

At PwnFest 2016, researchers from the Chinese security firm Qihoo 360 and South Korean security researcher JungHoon hacked in just 18 seconds the Windows 10’s Microsoft Edge web browser.

The hackers devised a method to launch system-level attacks that in the case of VMware hacks could be also performed remotely.

The researchers demonstrated a total of four hacks targeting the new Google Pixel running Android version 7 (Nougat), Adobe Flash via Microsoft Edge on Windows 10 Red Stone 1, and Apple Safari on MacOS Sierra.

The hackers earned $140,000 for the Windows Edge hacks, while Qihoo hacker team and Lee earned $150,000 for the hack of the VMware Workstation 12.5.1.

The Qihoo team confirmed to have spent six months to discover three vulnerabilities that were chained to hack the systems. The chained flaws including a possible use-after-free, confirmed out-of-boundary read, and out-of-boundary write exploits.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Microsoft Edge, hacking)