has released the next version of the Firefox browser - Firefox 66. In total, developers…
In fact, the Tianfu Cup is very similar to Pwn2Own and was created precisely after the Chinese government banned local cybersecurity researchers from participating in hacker contests organized overseas in 2018.
“The essence of the competition is to exploit previously unknown vulnerabilities and use them to hack a specific application or device. If the exploit works, and the attack succeeds, the researchers receive points for this, and eventually cash prizes”, – say the organizers of the Tianfu Cup.
As with Pwn2Own, all exploits used and bugs found are reported to the developers of the compromised products, and patches are released shortly after the end of the event. Since this year the participants managed to compromise iOS, Windows 10, Safari, Chrome, Firefox and other products, and soon came fixes and details of the found.
The Firefox vulnerability, identified as CVE-2020-26950, is described by browser developers as an issue related to a use-after-free bug in MCallGetProperty. The flaw was fixed in Firefox 82.0.3, Firefox ESR 78.4.1 and Thunderbird 78.4.2.
In turn, the Chrome vulnerability found in the Tianfu Cup is being tracked as CVE-2020-16016. Google describes it as an incorrect implementation in the base component. The company’s engineers have fixed a bug with an update for Chrome 86, which was released earlier this week.
The exploitation of vulnerabilities CVE-2020-26950 and CVE-2020-16016 was demonstrated at the Tianfu Cup by the team of the Chinese tech giant Qihoo 360. This team eventually became the winner of the competition and achieved 744,500 dollars, that is, almost two-thirds of the total prize pool activities, which this year consisted $1.21 million.
“For example, a vulnerability in Firefox brought Qihoo 360 specialists $40,000, and a problem in Chrome that allowed remote code execution from the sandbox was brought them $100,000”, – say the organizers of the Tianfu Cup.
Let me remind you that also ended the hacking competition Pwn2Own Tokyo, where were hacked NAS, routers and TVs of famous manufacturers.
News-xbuhoxu.store is a domain that tries to force you into subscribing to its browser notifications…
News-xbadeyo.today is a site that tries to force you into clik to its browser notifications…
News-bbutohu.info is a site that tries to trick you into clik to its browser notifications…
News-bbucoxe.today is a domain that tries to force you into clik to its browser notifications…
News-xdetake.cc is a domain that tries to force you into clik to its browser notifications…
News-bbufiya.today is a domain that tries to force you into subscribing to its browser notifications…