An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver:
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.
The first to fall was Adobe Reader in the enterprise applications category after Haboob SA’s Abdul Aziz Hariri (@abdhariri) used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.
The STAR Labs team (@starlabs_sg) demoed a zero-day exploit chain targeting Microsoft’s SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.
Synacktiv (@Synacktiv) took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU (time-of-check to time-of-use) attack against the Tesla-Gateway in the Automotive category. They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.
Oracle VirtualBox was hacked using an OOB Read and a stacked-based buffer overflow exploit chain (worth $40,000) by Qrious Security’s Bien Pham (@bienpnn).
Last but not least, Marcin Wiązowski elevated privileges on Windows 11 using an improper input validation zero-day that came with a $30,000 prize.
More Stories
UK Councils Warn of Data Breach After Attack on Medical Supplier
Multiple UK councils have warned that residents’ personal data may have been compromised following a ransomware attack on NRS Healthcare...
How to Protect Yourself on Social Networks
There are now over 5 billion active social media users worldwide, representing 62.3% of the global population. While social networks...
New Android Banking Trojan Mimics Google Play Update App
A new banking Trojan targeting Android devices shows multifaceted capabilities Read More
FBI Seizes BreachForums Website
The FBI has seized the BreachForums website, used by ransomware criminals to leak stolen corporate data. If law enforcement has...
Patient Data at Risk in MediSecure Ransomware Attack
Electronic prescriptions provider MediSecure said the attack originated from a third-party vendor, and has impacted individuals’ personal and health information...
Windows Quick Assist Exploited in Ransomware Attacks
Microsoft warned Storm-1811 started vishing attacks in April to gain access to target devices Read More