Major zero-day exploit in VirtualBox made public

Oracle VirtualBox Logo

A fed-up researcher who found a zero-day exploit in VirtualBox has made it public. VirtualBox is a software for running virtual machines made by Oracle.

The Russian researcher Sergey Zelenyuk was supposedly agitated due to an incident where he has found and reported another exploit in past to Oracle, which took almost one and a half years to fix the issue.

The St. Petersburg based researcher, in a post on GitHub, elaborated on his findings of a chain of bugs that can allow a malicious code to escape the VirtualBox VM and execute on the hypervisor.

The exploit is specially dangerous due to the fact that there are several exploits already available to gain kernel level access on the hypervisor.

According to the Zelenyuk, the exploit is 100% reliable.

In a exchange with ZDNet, the Russian researcher said that the issue affects all current releases of VirtualBox , and works on all host or guest OS the user is running.

In a post on GitHub, the researcher explained his decision to publish the zero-day, how to protect against the exploit, and detailed steps to reproduce the issue.

He has also published a demo. Shown below.

ALSO READ  Thunderclap exploit makes all modern computers vulnerable


commercial painters September 16, 2020 at 7:43 am

… [Trackback]

[…] Read More Info here on that Topic: […]

game bai poker doi thuong September 18, 2020 at 8:03 am

… [Trackback]

[…] Information to that Topic: […]

w88 September 21, 2020 at 12:05 am

… [Trackback]

[…] Here you can find 84464 more Info to that Topic: […]


Leave a Comment