It is increasingly clear that security is just an illusion, as hackers routinely destroy the most secure operating systems and platforms.
The latest report comes from the Tianfu Cup cybersecurity competition, which saw a wide variety of breached devices and apps. Victims include iPhone 13 Pro running iOS 15.0.2 twice violated with remote code execution exploit and iOS 15 jailbreak.
Microsoft couldn’t rejoice, as the company saw 5 successful exploits for Windows 10 and one for Exchange, while Google saw two exploits for Chrome.
Other affected targets include Adobe PDF, Asus AX56U router, Docker CE, Parallels VM, QEMA VM, Ubuntu 20, VMware ESXi and Workstation.
Chinese hackers must show their work at the Tianfu Cup because they have been banned from participating in international competitions such as Pwn2Own. Some sources are concerned that the Chinese government is stocking hacks for a future cyber warfare because a new Chinese law from September 1, 2021 requires Chinese citizens to disclose any zero-day vulnerabilities to the government.
“The Chinese government could stockpile a significant number of zero-day products against products widely used in other regions and have access to the knowledge to operate these products before they are properly patched,” said Kristina Balaam, engineer senior security intelligence at Lookout. .
“It’s the cyber equivalent of airplane flights over Taiwan,” said Sam Curry, security manager at Cybereason.
The winning hacks were, however, disclosed to the affected vendors. A Microsoft spokesperson told Forbes that “all vulnerabilities reported in the competition are disclosed in a responsible and confidential manner. Solutions to verified security issues that meet our criteria for immediate service are normally posted through our monthly Tuesday update cadence. Google has already started rolling out fixes for vulnerabilities found in the October 16-17 event in Chrome 95.0.4638.69, released October 28, 2021.
Going through Forbes