Information Security News
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Contestants at this year's Pwn2Own hacking competition in Vancouver just pulled off an unusually impressive feat: they compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in. The hack fetched a prize of $105,000, the highest awarded so far over the past three days.
According to a Friday morning tweet from the contest's organizers, members of Qihoo 360's security team carried out the hack by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware, contest organizers reported Friday morning on Twitter. The result was a "complete virtual machine escape."