Date: 2023-03-25

At Pwn2Own Vancouver 2023, security researchers targeted software across multiple categories, including automotive, enterprise applications and communications, server, virtualization, and local escalation of privilege (EoP).
Microsoft should now have plenty of work to do: the Pwn2Own participants demonstrated several zero-day attacks on Windows 11, SharePoint and Teams. Traditionally, little is revealed about the vulnerabilities at first, giving vendors a chance to patch them before they are exploited by cybercriminals.
On day one, Pwn2Own Vancouver participants earned $375,000 and a Tesla Model 3 after demonstrating a total of 12 zero-days in Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox and macOS.
Use After Free bug in Windows 11
A fully patched Windows 11 system was hacked again, with Synacktiv’s Thomas Imbert receiving $30,000 for a Use After Free (UAF) bug. On the third and last day of the Pwn2Own hacking competition, five more zero-day exploits for Windows 11, Ubuntu Desktop and the virtualization software VMware Workstation were demonstrated. A total of $1,035,000 and a Tesla Model 3 were awarded for 27 zero-day exploits in this competition. The Synacktiv team took home the most, receiving $530,000 and the Tesla for their exploits. The affected vendors now have 90 days to patch the zero-day bugs before Trend Micro’s Zero Day Initiative releases the technical details.
