At Pwn2Own Vancouver 2023, security researchers targeted software across multiple categories, including automotive, enterprise applications and communications, server, virtualization, and local escalation of privilege (EoP).
Microsoft is likely to have a lot of work to do now: Pwn2Own participants demonstrated several zero-day attacks on Windows 11, SharePoint and Teams. As usual, little is revealed about the vulnerabilities at first, which gives vendors a chance to patch them before cybercriminals can exploit them.
On day one, Pwn2Own Vancouver participants earned $375,000 and a Tesla Model 3 after demonstrating a total of 12 zero-days in Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox and macOS.
Use After Free bug in Windows 11
A fully patched Windows 11 system was hacked again, with Synacktiv’s Thomas Imbert receiving $30,000 for a Use After Free (UAF) bug. On the third and final day of the Pwn2Own hacking competition, five more zero-day exploits for Windows 11, Ubuntu Desktop and the virtualization software VMware Workstation were demonstrated. In total, $1,035,000 and a Tesla Model 3 were awarded for 27 zero-day exploits in this competition. The Synacktiv team took home the most, receiving $530,000 and the Tesla for their exploits. The affected vendors now have 90 days to patch the zero-day bugs before Trend Micro’s Zero Day Initiative releases the technical details.
- Pwn2Own Vancouver 2023: $1M for demonstrated exploits
- Targets: enterprise software, server, automotive, virtualization and EoP
- Microsoft’s Windows 11, SharePoint and Teams have been hacked
- Synacktiv received $530,000 and a Tesla Model 3
- Patch within 90 days before details are released
- Day one: 12 zero-days demonstrated in Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox and macOS