Pwn2Own Vancouver 2023 -Day 1 Summary

The first day of the Pwn2Own Vancouver 2023 event have seen awards about $375,000 for 12 zero-day vulnerabilities demonstrated by the participants.

The details as follows

• AbdulAziz Hariri of Haboob SA demonstrated a zero-day attack against Adobe Reader in the Enterprise Applications category. He earned $50,000 and 5 Master of Pwn points. First hack of the day.
• Singapore team STAR Labs they successfully targeted Microsoft SharePoint in the Server category earning $100,000 and 10 Master of Pwn points.
• The STAR Labs team, 2^nd hack was with Ubuntu Desktop with a previously known exploit earning $15,000 and 1.5 Master of Pwn points.
• Bien Pham from Qrious Security exploited an OOB Read and a stacked-based buffer overflow against Oracle VirtualBox. He earned $40,000 and 4 Master of Pwn points.
• Marcin Wiązowski exploited an improper input validation issue to elevate privileges on Windows 11. He earned $30,000 and 3 Master of Pwn points.
• Synacktiv demonstrated a TOCTOU (time-of-check to time-of-use) attack against Tesla – Gateway. They earned $100,000 and 10 Master of Pwn points and a Tesla Model 3.
• Synacktiv also exploited a TOCTOU bug to escalate privileges on Apple macOS earning $40,000 and 4 Master of Pwn points.