Pwn2Own Vancouver 2023 has begun. The hacking competition has 19 entries against nine different targets, including two Tesla attempts.
On the first day of the event, the organization awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities demonstrated by the participants.
The first hack of the day was performed by AbdulAziz Hariri (@abdhariri) of Haboob SA (@HaboobSa), who demonstrated a zero-day attack against Adobe Reader in the Enterprise Applications category. Hariri earned $50,000 and 5 Master of Pwn points.
One of the most interesting attacks was conducted by the Singapore team STAR Labs (@starlabs_sg), which successfully targeted Microsoft SharePoint in the Server category, earning $100,000 and 10 Master of Pwn points.
The STAR Labs team also hacked Ubuntu Desktop with a previously known exploit, earning $15,000 and 1.5 Master of Pwn points.
Bien Pham (@bienpnn) from Qrious Security (@qriousec) exploited an OOB read and a stack-based buffer overflow against Oracle VirtualBox. He earned $40,000 and 4 Master of Pwn points.
Then the researcher Marcin Wiązowski exploited an improper input validation issue to elevate privileges on Windows 11. He earned $30,000 and 3 Master of Pwn points.
The team from the offensive security company Synacktiv (@Synacktiv) demonstrated a TOCTOU (time-of-check to time-of-use) attack against Tesla – Gateway. They earned $100,000, 10 Master of Pwn points, and a Tesla Model 3. The same team also exploited a TOCTOU bug to escalate privileges on Apple macOS, earning $40,000 and 4 Master of Pwn points.
The only failed attempt of the day was by last_minute_pwnie, who attempted to demonstrate an Ubuntu exploit.
The Pwn2Own Vancouver 2023 continues … stay tuned!