The second day of Pwn2Own Vancouver 2023 have seen awards $475,000 for 10 unique zero-day vulnerabilities, bringing the total awarded to $850,000
The details as follows
- The day began with the success/collision achieved by Thomas Imbert and Thomas Bouzerar from Synacktiv demonstrating a 3-bug chain against Oracle VirtualBox with a Host EoP. The success was classified as a “collision” because one of the bugs exploited in the attack was previously known. The due earned $80,000 and 8 Master of Pwn points.
- The researchers @hoangnx99, @rskvp93, and @_q5ca from Team Viettel chained 2 vulnerabilities to hack Microsoft Teams. They earn $75,000 and 8 Master of Pwn points.
- David Berard and Vincent Dehors from Synacktiv exploited a heap overflow and an OOB write to hack Tesla – Infotainment Unconfined Root. They qualify for a Tier 2 award, earning $250,000 and 25 Master of Pwn points. The team also won the Tesla Model 3 they have hacked.
- The researcher dungdm of Team Viettel exploited an uninitialized variable and a UAF bug to hack Oracle VirtualBox. He earned $40,000 and 4 Master of Pwn points.
- Tanguy Dubroca from Synacktiv was awarded $30,000 for demonstrating the exploitation of an incorrect pointer scaling zero-day leading to privilege escalation on Ubuntu Desktop. They earn $30,000 and 3 Master of Pwn points.