June 6, 2023

The second day of Pwn2Own Vancouver 2023 have seen awards $475,000 for 10 unique zero-day vulnerabilities, bringing the total awarded to $850,000

Advertisements

The details as follows

  • The day began with the success/collision achieved by Thomas Imbert and Thomas Bouzerar from Synacktiv demonstrating a 3-bug chain against Oracle VirtualBox with a Host EoP. The success was classified as a “collision” because one of the bugs exploited in the attack was previously known. The due earned $80,000 and 8 Master of Pwn points.
  • The researchers @hoangnx99, @rskvp93, and @_q5ca from Team Viettel chained 2 vulnerabilities to hack Microsoft Teams. They earn $75,000 and 8 Master of Pwn points.
  • David Berard and Vincent Dehors from Synacktiv exploited a heap overflow and an OOB write to hack Tesla – Infotainment Unconfined Root. They qualify for a Tier 2 award, earning $250,000 and 25 Master of Pwn points. The team also won the Tesla Model 3 they have hacked.
  • The researcher dungdm of Team Viettel exploited an uninitialized variable and a UAF bug to hack Oracle VirtualBox. He earned $40,000 and 4 Master of Pwn points.
  • Tanguy Dubroca  from Synacktiv was awarded $30,000 for demonstrating the exploitation of an incorrect pointer scaling zero-day leading to privilege escalation on Ubuntu Desktop. They earn $30,000 and 3 Master of Pwn points.
Tags:

Leave a Reply

You may have missed

Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
CISA KEV Update Part I – May 2023

CISA KEV Update Part I – May 2023

June 3, 2023
%d bloggers like this: