Category Archives: vmware

VMware and Google extend partnership to include Chrome OS management in Workspace One

 One of the beautiful things about owning a Google Chromebook laptop is the surprising lack of maintenance involved. The browser is essentially the OS and you connect to applications via the cloud. Everything gets updated automatically. Easy, peasy right? Well, it gets a bit more complicated when you bring a device into a mixed environment in the enterprise, and VMware announced a partnership… Read More

These big tech companies pay their interns the most

 It’s May and that means the window for locking down internships at tech companies is rapidly closing. In reflection of the 2017 recruiting season, Glassdoor took some time to analyze its anonymized salary data, producing a report of the highest paying internships for 2017. We went ahead and pulled the tech companies from the list, and among large tech companies, Facebook leads the… Read More

Virtual machine escape fetches $105,000 at Pwn2Own hacking contest [updated]

Enlarge (credit: Heather Katsoulis)

Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.

According to a Friday morning tweet from the contest's organizers, members of Qihoo 360's security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a "complete virtual machine escape."

"We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."

Read 7 remaining paragraphs | Comments