

The latest edition of the hacking event Pwn2Own is over, and it was all about insecure software. While many developers hoped that their software would stand up to the experts, over a million dollars was paid out for the exploits shown.





At Pwn2Own Vancouver 2023, security researchers targeted software across multiple categories, including automotive, enterprise applications and communications, server, virtualization, and local escalation of privilege (EoP).

Microsoft now has a lot of work to do: the Pwn2Own participants showed several zero-day attacks on Windows 11, SharePoint and Teams. Traditionally, not much is revealed about the vulnerabilities at first, which gives vendors a chance to patch them before they are exploited by cybercriminals.

On day one, Pwn2Own Vancouver participants earned $375,000 and a Tesla Model 3 after demonstrating a total of 12 zero-days in Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox and macOS.

Use After Free bug in Windows 11

A fully patched Windows 11 system was hacked again, with Synacktiv’s Thomas Imbert receiving $30,000 for a Use After Free (UAF) bug. On the third and last day of the Pwn2Own hacking competition, five more zero-day exploits for Windows 11, Ubuntu Desktop and the virtualization software VMware Workstation were demonstrated. A total of $1,035,000 and a Tesla Model 3 were awarded for 27 zero-day exploits in this competition. The Synacktiv team “swept away” the most, receiving $530,000 and the Tesla for their exploits. The hacked companies now have 90 days to patch the zero-day bugs before Trend Micro’s Zero-Day Initiative releases the technical details.

Summary: Pwn2Own Vancouver 2023, $1M for demonstrated exploits

Targets: enterprise software, server, automotive, virtualization and EoP

Microsoft’s Windows 11, SharePoint and Teams were hacked

Synacktiv received $530,000 and a Tesla Model 3

Patch within 90 days before details are released

12 zero-days demonstrated on day one in Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox and macOS
