December 9, 2023

The first day of the Pwn2Own Vancouver 2023 event saw about $375,000 awarded for 12 zero-day vulnerabilities demonstrated by the participants.


The details are as follows:

  • AbdulAziz Hariri of Haboob SA demonstrated a zero-day attack against Adobe Reader in the Enterprise Applications category. He earned $50,000 and 5 Master of Pwn points. It was the first hack of the day.
  • Singapore team STAR Labs successfully targeted Microsoft SharePoint in the Server category, earning $100,000 and 10 Master of Pwn points.
  • The STAR Labs team's second hack was against Ubuntu Desktop, using a previously known exploit, earning $15,000 and 1.5 Master of Pwn points.
  • Bien Pham from Qrious Security exploited an OOB Read and a stack-based buffer overflow against Oracle VirtualBox. He earned $40,000 and 4 Master of Pwn points.
  • Marcin Wiązowski exploited an improper input validation issue to elevate privileges on Windows 11. He earned $30,000 and 3 Master of Pwn points.
  • Synacktiv demonstrated a TOCTOU (time-of-check to time-of-use) attack against Tesla – Gateway. They earned $100,000, 10 Master of Pwn points and a Tesla Model 3.
  • Synacktiv also exploited a TOCTOU bug to escalate privileges on Apple macOS, earning $40,000 and 4 Master of Pwn points.
