Chinese hacking competition cracks Chrome, ESXi, Windows 10, iOS 14, Galaxy 20, Qemu, and more

VMware has taken the unusual step of warning about an imminent security advisory after a Chinese team successfully popped its flagship product. News of the crack came from Tianfu Cup, a hacking contest staged in China over the weekend and modelled on events like "Pwn2Own" where vendors allow teams to take down their wares …

  1. tip pc Silver badge

    They did all that over a weekend for a competition

    What can they do when they really put their mind to it?

    1. Anonymous Coward

      Re: They did all that over a weekend for a competition

      Usually they have stuff prepared and just need to modify it for the current setup. Or have to rethink if a security hole they previously found was patched in the latest version or altered what they were planning.

      1. Version 1.0 Silver badge

        Re: They did all that over a weekend for a competition

        Right, the winners normally already know about the hacks, it's a bit like doing an O-level exam, you can't take your books in but if you sit down and remember the information you can win.

  2. Anonymous Coward

    They targeted Chrome, Safari, Firefox and Edge

    and managed to crack Chrome, Safari and Firefox.

    1. Alumoi Silver badge

      Re: They targeted Chrome, Safari, Firefox and Edge

      You do know that Edge is based on Chrome, right? Chromium, to be exact, but let's not get pedantic.

      1. Anonymous Coward

        Re: You do know that Edge is based on Chrome, right?

        You do realise that means they found an exploit in Google's Chromium wrapper that wasn't in Edge, right? You're a twat, to be exact, for being pedantic.

        1. Alumoi Silver badge

          Re: You do know that Edge is based on Chrome, right?

          Dear Microsoft PR anonymous coward, why so angry?

          1. Anonymous Coward

            Re: Dear Microsoft PR anonymous coward, why so angry?

            I must be angry because when someone said something twattish I called them out!

            Why were four browsers listed if there were only three targets?

            Why so quick to attack MS for having better security than Google?

            What's your agenda, Alumoi?

    2. Anonymous Coward

      Re: They targeted Chrome, Safari, Firefox and Edge

      They didn't need to take Edge, they jacked the entire Windows O.S.... who gives a fuck at that point about Edge (not that anyone ever does care about Edge). And _YES_, the challenge required Edge to be run on Windows (so I guess taking Windows first was a 2'fer...??).

      12. Targets: Windows 10 2004

      Equipment: Microsoft Surface Pro 5 (i7 16GB)

      System: Windows 10 2004

      Requirements: Run certain program as an unprivileged user to escalate privilege and run command as Administrator. The OS will run within VMware Workstation, 8GB default memory.

      Prizes:

      Local Privilege Escalation: $20000

      Local Privilege Escalation with Kernel-level Access: $40000

    3. Version 1.0 Silver badge
      Happy

      Re: They targeted Chrome, Safari, Firefox and Edge

      OK, I'm going back to using Netscape Navigator, wonderful! It was not hacked!

  3. amanfromMars 1 Silver badge

    Not all systems break-ins/breakdowns are without greater benefits for .....

    ...... some core programs are kernel corrupted.

    As has been mentioned before here on El Reg, and not so long ago and quite recently*, some vulnerabilities cannot be “fixed” ..... they are important systemic opportunities/abiding future relevant features best embraced and extended and modified, for extinction is neither possible nor adorable and attractive.

    * 2020 Thursday 5 November 07:48 ..... Something to bear in mind .....

  4. sanmigueelbeer Silver badge

    The good news is that details of the cracks have not been released.

    Really? Sure about that? We're talking about China's "best" hackers here.

    1. John Brown (no body) Silver badge

      Came here to say the same thing. The Chinese "cyber" military are probably expecting some of their tools to be discovered in the near future and allowed these ones to be demonstrated at the competition because their new ones are already on stream :-)

      1. You aint sin me, roit
        Trollface

        Meanwhile the NSA...

        Crosses off their backdoors that have been found, and is content that their latest ones are still viable...

        By the way, didn't they target Huawei code?

        1. sev.monster Bronze badge

          Re: Meanwhile the NSA...

          You could target Huawei code with a wet blanket with rotted-through holes. Being that Huawei operates in China, the government likely mandated it to be that easy in any number of planned circumstances.

        2. amanfromMars 1 Silver badge

          Re: Meanwhile the NSA... Can you believe it is not so?

          Meanwhile the NSA crosses off their backdoors that have been found, and is content that their latest ones are still viable... ..... You aint sin me, roit

          That can only be so if they, the latest ones, are solely exclusive to the NSA and not even known by anyone in even the friendliest of special partnership allies/Five Eyes cohorts, and such a situation would be proof positive that there is no effective alliance of/for equals and it's a dog eats dog world environment with everyone into best servering themselves secret goodies and to hell with everyone and everything else.

          You might like to realise that that has been the quite natural sub-prime human default since forever in that very particular peculiar field and to think anything different has one deluding oneself very effectively.

          It is also the most lucrative and beneficially rewarding of fields to be extremely effective and virtually invisible and practically intangible in ...... a Veritable Untouchable.

          1. John Brown (no body) Silver badge

            Re: Meanwhile the NSA... Can you believe it is not so?

            "such a situation would be proof positive that there is no effective alliance of/for equals and it's a dog eats dog world environment with everyone into best servering themselves secret goodies and to hell with everyone and everything else."

            I doubt any alliance in history has included sharing all defensive and/or offensive technology. More sharing might happen in an actual shooting war, but even then I doubt it's all shared. Today's ally might be tomorrow's enemy. We Brits were shipping millions of tons of supplies and munition to the USSR in the 1940's, including 1000's of tanks. A few short years later, our frenemy was our enemy.

            1. amanfromMars 1 Silver badge

              Re: Meanwhile the NSA... Can you believe it is not so?

              We Brits were shipping millions of tons of supplies and munition to the USSR in the 1940's, including 1000's of tanks. A few short years later, our frenemy was our enemy. ..... John Brown (no body)

              Yes, Judas Iscariot lives/lived in disguise under a bowler, JB (no body). Is it any wonder true friends and great lovers are almighty scarce and designedly decidedly unappealing/free and easy going.

              In Juicy Lucy Virgin Soldiers parts of the worlds on Earth are they popularly known and recognised as Butterflies ...... flitting as they tend to do from one delicate flower to another delectable delight in the Perfumed Gardens of Life in the Universe.

        3. sanmigueelbeer Silver badge
          Coat

          Re: Meanwhile the NSA...

          By the way, didn't they target Huawei code

          They "tried" but Huawei was deemed "un-hackable".

  5. Def Silver badge
    Coat

    The good news is that details of the cracks have not been released.

    So Google weren't invited then?

    1. Barrie Shepherd

      Re: The good news is that details of the cracks have not been released.

      Google are omnipresent so don't need to be either invited or physically there :-)

  6. Ramis101

    So new & shiny hacked to bits....

    and I'll still get bombed on here if I say something about using XP, or W7 even.

    or some knackered unpatched old 'droid version LOL

  7. Lars Silver badge
    Coat

    Any information about what kind of access they had to the hardware in different cases?

  8. RM Myers

    Firefox just fixed this

    At least the write up for 82.0.3 claims that this fixes the error found "in Tianfu Cup 2020 International Cybersecurity Contest".
