During the second day of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days in multiple products.
The list of hacked targets included the Tesla Model 3, Microsoft's Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system.
This earned them $250,000 and allowed them to take home a Tesla Model 3 after hacking through a heap overflow and an OOB write exploit chain.
In a third attempt from Synacktiv, Tanguy Dubroca (@SidewayRE) was awarded $30,000 for demoing an incorrect pointer scaling zero-day resulting in privilege escalation on Ubuntu Desktop.
Team Viettel (@vcslab) also hacked Microsoft Teams via a 2-bug chain to earn $78,000 and Oracle's VirtualBox using a Use-After-Free (UAF) bug and an uninitialized variable for $40,000.
On the first day, Pwn2Own competitors were awarded $375,000 and a Tesla Model 3 after successfully demoing 12 zero-days in the Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox, and macOS.
On the final day of the competition, security researchers will attempt to exploit zero-day bugs in Ubuntu Desktop, Microsoft Teams, Windows 11, and VMware Workstation.
Pwn2Own Vancouver 2023 contestants can earn $1,080,000 in cash and two Tesla Model 3 cars between March 22 and March 24.
Researchers will target products from multiple categories during the contest, including enterprise applications, enterprise communications, servers, virtualization, automotive, and local escalation of privilege (EoP).
That concludes Day 2 of #P2OVancouver – we awarded $475,000 for 10 unique zero-days today, bringing the total awarded to $850,000! Stay tuned tomorrow for the final day of the competition. #Pwn2Own pic.twitter.com/EtMnP4Ree5
— Zero Day Initiative (@thezdi) March 23, 2023
“This year’s event promises some exciting research as we have 19 entries targeting 9 different targets – including two Tesla attempts,” ZDI said.
“For this year’s event, every round will pay full value, which means if all exploits succeed, we’ll award over $1,000,000 USD.”
Vendors must patch zero-day vulnerabilities demoed and disclosed during Pwn2Own within 90 days before Trend Micro's Zero Day Initiative publicly publishes technical details.
At Pwn2Own Vancouver 2022, security researchers earned $1,155,000 after hacking the Tesla Model 3 Infotainment System, taking down Windows 11 six times, demonstrating three Microsoft Teams zero-days, and exploiting Ubuntu Desktop four times.