An impressive array of hacks was demonstrated on the first day of the Pwn2Own conference in Vancouver:
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.
The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.
The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft’s SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.
Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla-Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.
Oracle VirtualBox was hacked using an OOB Read and a stack-based buffer overflow exploit chain (worth $40,000) by Qrious Security’s Bien Pham (@bienpnn).
Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.