VMware Virtual Machine Sandbox Finally Hacked!

Pwn2Own 2017 saw some impressive feats being achieved by hackers. The famous hacking competition took place from March 15 – 17th, 2017 in Vancouver, Canada. Organized by Trend Micro’s Zero Day Initiative group, the contest pays cash prizes for the team that succeeds in hijacking computers running fully patched versions of OS and applications. A group of contestants at Pwn2Own 2017 achieved something remarkable on the third and final day – they hacked VMware’s virtual machine and broke out of the sandbox!


VMware Virtual Machine sandbox finally hacked

Members of Qihoo 360’s security team succeeded in hacking by exploiting a heap overflow bug in Microsoft Edge, a type confusion flaw in Windows kernel and an uninitialized buffer vulnerability in VMware. “We used a JavaScript engine bug within Microsoft Edge to achieve the code execution inside the Edge sandbox, and we used a Windows 10 kernel bug to escape from it and fully compromise the guest machine. Then we exploited a hardware simulation bug within VMware to escape from the guest operating system to the host one. All started from and only by a controlled a website’, says Qihoo 360 Executive Director Zheng Zheng.

The team took 90 seconds to demonstrate and execute the hack. The hack outlines the importance of security in a world where leaks and security flaw exploits are becoming increasingly common. For the uninitiated, VMware is a virtualization software developed by VMware Inc, a company based in California, USA. VMware supports Linux, Windows, and Mac OS X. VMware workstations also let you run multiple OS of x86 or x86-64. Virtual Machines are so very important for software developers because they help them test bugs in software in an environment known as sandbox.

The team won the grand prize of $105,000 for their amazing feat. The Zero Day Initiative rewards cyber security researchers for disclosing security bugs. However, the contest organizers and participants don’t reveal the technical details and the exact procedure they followed until the vulnerability has been fixed.


  • Sparky Williams

    Not entirely sure what you’re talking about. This isn’t the first by a long shot. VMware has had numerous guest to host exploits. Just search for “vmware guest to host exploit” and sit back.