On the first day, Pwn2Own Vancouver 2023 hacking challenge participants compromised Windows 11, Tesla, macOS, and Ubuntu Desktop.
AbdulAziz Hariri of Haboob SA, who completed his attack against Adobe Reader utilizing a 6-bug logic chain leveraging many failed fixes that escaped the sandbox and overcame a banned API list, gave the first demonstration of the day. 5 Master of Pwn points and $50,000 are awarded to him.
Microsoft SharePoint was the target of a 2-bug chain that STAR Labs was able to run. They receive 10 Master of Pwn points and $100,000.Tesla – Gateway was the target of a TOCTOU attack by Synacktiv (@Synacktiv). They receive a Tesla Model 3 and $100,000, and 10 Master of Pwn points.Marcin Wizowski used an improper input validation bug to elevate privileges on Windows 11. He receives $30,000 and 3 Master of Pwn points.
Synacktiv (@Synacktiv) escalated privileges on Apple macOS by exploiting a TOCTOU bug. They receive $40,000 as well as 4 Master of Pwn points.
Totally eight tries today, including a Tesla attack and a SharePoint RCE. All unique winning entries will be given the full prize money for this year’s competition.
As a result, hackers received $375,000 (along with a Tesla Model 3!) on the first day of the competition for 12 zero-day exploits.