Pwn2Own Vancouver 2023 awarded $1,035,000 and a Tesla for 27 0-days

Pierluigi Paganini March 25, 2023

On the third day of the Pwn2Own Vancouver 2023 hacking contest, the organization awarded $185,000 for 10 zero-day exploits.

Pwn2Own Vancouver 2023 is ended, contestants disclosed 27 unique zero-days and the organization awarded a total of $1,035,000 and a Tesla Model 3. The team Synacktiv (@Synacktiv) (Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas Bouzerar, and Thomas Imbert) won the competition, they earned 53 points, $530,000, and a Tesla Model 3.

On the third day, contestants were awarded $185,000 after demonstrating 5 zero-day exploits targeting the Ubuntu Desktop, Windows 11, and the VMware Workstation software.

Pwn2Own Vancouver 2023

The day began with the hack of Ubuntu Desktop by Kyle Zeng from ASU SEFCOM, he used a double-free bug and earned $30,000 and 3 Master of Pwn points.

Thomas Imbert (@masthoon) from Synacktiv (@Synacktiv) used a UAF against Microsoft Windows 11. They earn $30,000 and 3 Master of Pwn points.

The researchers Mingi Cho of Theori used a UAF against Ubuntu Desktop, the team earned $30,000 and 3 Master of Pwn points.

The STAR Labs (@starlabs_sg) team used an uninitialized variable and UAF to hack the VMWare Workstation virtualization software. They earned $80,000 and 8 Master of Pwn points. The STAR Labs team also attempted to demonstrate an exploit against Microsoft Teams, but failed to do it within the time allotted.

Bien Pham (@bienpnn) from Qrious Security successfully targeted Ubuntu Desktop, but used a known exploit, for this reason, the attempt was classified as “Collision”. The team earned $15,000 and 1.5 Master of Pwn points.

“That’s a wrap for Pwn2Own Vancouver! Contestants disclosed 27 unique zero-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, Synacktiv (@Synacktiv), for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3.” reads the wrap for the hacking competition that was published by The Zero Day Initiative.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Pwn2Own Vancouver 2023)



you might also like

leave a comment