The first day of the Pwn2Own Vancouver 2023 event have seen awards about $375,000 for 12 zero-day vulnerabilities demonstrated by the participants.
The details as follows
- AbdulAziz Hariri of Haboob SA demonstrated a zero-day attack against Adobe Reader in the Enterprise Applications category. He earned $50,000 and 5 Master of Pwn points. First hack of the day.
- Singapore team STAR Labs they successfully targeted Microsoft SharePoint in the Server category earning $100,000 and 10 Master of Pwn points.
- The STAR Labs team, 2nd hack was with Ubuntu Desktop with a previously known exploit earning $15,000 and 1.5 Master of Pwn points.
- Bien Pham from Qrious Security exploited an OOB Read and a stacked-based buffer overflow against Oracle VirtualBox. He earned $40,000 and 4 Master of Pwn points.
- Marcin Wiązowski exploited an improper input validation issue to elevate privileges on Windows 11. He earned $30,000 and 3 Master of Pwn points.
- Synacktiv demonstrated a TOCTOU (time-of-check to time-of-use) attack against Tesla – Gateway. They earned $100,000 and 10 Master of Pwn points and a Tesla Model 3.
- Synacktiv also exploited a TOCTOU bug to escalate privileges on Apple macOS earning $40,000 and 4 Master of Pwn points.