Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

There have been vm escape vulnerabilities published in the past (although none have been exploited that I know of.)

http://venom.crowdstrike.com/



Depends on your definition of exploited; definitely nothing WannaCry-style yet!

https://www.google.com/#q=Pwn2Own+2017+VM+escape

Virtual machine escape fetches $105,000 at Pwn2Own hacking contest | https://arstechnica.com/security/2017/03/hack-that-escapes-v...

"We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine," Qihoo 360 Executive Director Zheng Zheng wrote in an e-mail. "Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website."

http://www.vmware.com/security/advisories/VMSA-2017-0006.htm...

--

All that given up for only fame + ~$100k!




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: