During a competition, security researchers found a vulnerability in VMware that made it possible to escape from the virtual machine. In doing so, the hackers won 180,000 euros. Leaks were also found in browsers, routers and Office.
The vulnerability was specifically found in VMware ESXi. That is virtualization software for servers. Details about the leak have not yet been disclosed. The makers of VMware said after the game that the company will come with a patch as soon as possible. Until then, the nature of the leak remains a mystery. The leak was discovered by Xiao Wei of the whitehat hacker group 360Vulcan, which competed in the Tianfu Cup. That is a Chinese hacking competition similar to well-known competitions such as Pwn2Own. During the two-day competition in Chengdu, hackers were able to test known software and hardware for vulnerabilities. The organizers confirm the leak on Twitter.
The vulnerability in VMware is the most serious found during the competition, but not the only one. A total of 488,000 euros in prize money was handed out. Hackers also found vulnerabilities in Edge during the matches that attacked EdgeHTML. In addition, two vulnerabilities were found in Chrome and one in Safari. Other software also had vulnerabilities, such as Adobe’s PDF reader and Microsoft’s Office 365.
The competition wasn’t just about software. This is how the D-Link DIR-878 router was broken open by four teams on the same day. No details have been made public about those leaks either; first there will be patches for it.