Pwn2Own 2023: Good Morning Windows 11, Tesla, Ubuntu and macOS Hacked

On his first day Vancouver 2023 contestants successfully hack Tesla Model 3s, , Ubuntu Desktop and the , using zero-day exploits.

pwn2own 2021

They won a total of $375.000 in prize money and a Tesla Model 3 (same as the one they hacked)!.​

During the of Pwn2Own Vancouver 2023 competition, competitors target products in enterprise applications, enterprise communications, local escalation of privilege (EoP), servers, virtualization and .

The first to fall into the category of enterprise applications was Adobe Reader, after Abdul Aziz Hariri of Haboob SA (@abdhariri) used an exploit (a εκμετάλλευσης) που καταχράται πολλαπλές αποτυχημένες ενημερώσεις κώδικα, και έτσι ξέφυγε από το sandbox και παρέκαμψε μια προστατευμένη λίστα on macOS. $50.000 prize.

The STAR Labs team (@starlabs_sg) παρουσίασε μια αλυσίδα εκμετάλλευσης zero-day που στοχεύει την πλατφόρμα συνεργασίας της ομάδας SharePoint της .$100.000 prize. He also successfully hacked Ubuntu Desktop with a previously known exploit and won an additional $15.000.

The Synacktiv team (@Synacktiv) won in the Car category $100.000 and a Tesla Model 3 after successfully executing an attack TOCTOU (Time-of-check to time-of-use) against Tesla – Gateway. They also used a TOCTOU zero-day to switch privileges on Apple macOS and won an additional $40.000.

The VirtualBox was hacked by Bien Pham of Qrious Security (@bienpnn) using an OOB Read and a stacked-based buffer exploitation chain. He came out with a profit of $40.000.

Last but not least, Marcin Wiązowski changed the privileges in Windows 11 using a zero-day and got a reward of $30.000.

From March 22 to March 24, contestants can win $1.080.000 in and prizes, including a Tesla Model 3 car. The top prize for hacking a Tesla is $150.000 and the car itself.

After demonstrating and disclosing zero-day vulnerabilities during Pwn2Own, vendors have 90 days to build and release security fixes for all reported flaws before the Trend Micro's Zero Day Initiative disclose them publicly.

For the record, according to during last year's Vancouver Pwn2Own contest, security researchers won $1.155.000 after hacking Windows 11 six times, Ubuntu Desktop four times, and successfully zero-daying Microsoft Teams three times.

They also introduced several zero-days in Apple Safari, Oracle Virtualbox, Mozilla Firefox and hacked the Tesla Model 3 Infotainment System.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.
Pwn2Own, hack

Written by Dimitris

Dimitris hates on Mondays .....

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).