Windows 11, Tesla, macOS & Ubuntu Desktop Hacked – Pwn2Own Day One

On the first day, Pwn2Own Vancouver 2023 hacking challenge participants compromised Windows 11, Tesla, macOS, and Ubuntu Desktop.

AbdulAziz Hariri of Haboob SA, who completed his attack against Adobe Reader utilizing a 6-bug logic chain leveraging many failed fixes that escaped the sandbox and overcame a banned API list, gave the first demonstration of the day. 5 Master of Pwn points and $50,000 are awarded to him.

Microsoft SharePoint was the target of a 2-bug chain that STAR Labs was able to run. They receive 10 Master of Pwn points and $100,000.Tesla – Gateway was the target of a TOCTOU attack by Synacktiv (@Synacktiv). They receive a Tesla Model 3 and $100,000, and 10 Master of Pwn points.Marcin Wizowski used an improper input validation bug to elevate privileges on Windows 11. He receives $30,000 and 3 Master of Pwn points.

Synacktiv (@Synacktiv) escalated privileges on Apple macOS by exploiting a TOCTOU bug. They receive $40,000 as well as 4 Master of Pwn points.

Totally eight tries today, including a Tesla attack and a SharePoint RCE. All unique winning entries will be given the full prize money for this year’s competition.

As a result, hackers received $375,000 (along with a Tesla Model 3!) on the first day of the competition for 12 zero-day exploits.

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir