Pwn2Own 2023 Vancouver is currently underway, and day one of the security research/hacking contest had plenty of interesting results. During the day, macOS, Tesla Model 3, and Windows 11 zero-day vulnerabilities and exploits were shown.
Adobe Reader was the first target to fall. Haboob SA's Abdul Aziz Hariri leveraged an exploit chain that abuses failed patches to escape the sandbox and bypass a banned API list on macOS. His breach won him $50,000.
Microsoft's SharePoint was also successfully targeted, as the STAR Labs team showcased a zero-day exploit chain. The team took a $100,000 reward for the exploit. STAR Labs researchers took an additional $15,000 for finding and exploiting a previously unknown vulnerability in Ubuntu.
A Tesla Model 3 and $100,000 went to Synacktiv after the team executed a time-of-check to time-of-use (TOCTOU) attack on a Tesla Model 3. The team also carried out a TOCTOU attack exploiting a zero-day vulnerability in Apple macOS, landing $40,000 for the effort.
Marcin Wiązowski elevated privileges on Windows 11 through an input validation zero-day to claim a $30,000 prize.
That wraps up the first day of #P2OVancouver 2023! We awarded $375,000 (and a Tesla Model 3!) for 12 zero-days during the first day of the contest. Stay tuned for day two of the contest tomorrow! #Pwn2Own pic.twitter.com/UTvzqxmi8E
— Zero Day Initiative (@thezdi) March 22, 2023
Pwn2Own is one of the biggest hacking contests in the world. It tasks hackers with highlighting vulnerabilities in some of the most famous platforms in tech.
When a zero-day vulnerability is found and showcased at the Pwn2Own event, software vendors are given 90 days to build and issue a security fix for all the flaws. If the vendors fail to do this, the Trend Micro Zero Day Initiative will publicly disclose the vulnerabilities.