Hackers broke into Windows 11, Tesla and Ubuntu: Grand Prix on the first day of Pwn2Own

Specialists managed to uncover 19 zero-day vulnerabilities and win cash prizes.

On the first day of the Pwn2Own competition in Vancouver in 2024, participants demonstrated 19 zero-day vulnerabilities in Windows 11, Tesla cars, and Ubuntu. For their findings, experts received awards totaling $732,500 and a Tesla Model 3 car.

The competition was opened by Abdul Aziz Hariri of Haboob SA, who used an exploit for Adobe Reader that combined API restrictions and a command injection vulnerability, which allowed him to execute code on macOS and earn $50,000.

Synacktiv won a Tesla Model 3 and $200,000 by hacking the Tesla electronic control unit in less than 30 seconds with an integer overflow.

Security researchers from Theori earned $130,000 by escaping from a VMware Workstation virtual machine and executing code on the Windows host, using a chain of vulnerabilities: an uninitialized variable error, a Use-After-Free (UAF), and a heap-based buffer overflow.

Reverse Tactics security researchers received $90,000 for exploiting two vulnerabilities in Oracle VirtualBox and one in Windows (UAF) to exit the VM and elevate privileges to the SYSTEM level.

The first day of the competition ended with the hacking of the Apple Safari, Google Chrome and Microsoft Edge web browsers by Manfred Paul, who used 3 zero-day vulnerabilities and won $102,500.


Top Five Pwn2Own Leaders

In addition, the first-day participants showed off other impressive achievements, including elevating privileges to the SYSTEM level on a fully updated Windows 11 system, for which the DEVCORE Research Team received $30,000. Vulnerabilities in Google Chrome, Ubuntu Linux and Oracle VirtualBox were also demonstrated, which earned the specialists between $20,000 and $60,000.

After vulnerabilities are demonstrated at Pwn2Own, manufacturers are given 90 days to create and release security patches for all detected flaws before the details are published.

At Pwn2Own Vancouver 2024, security researchers will attack current versions of products in various categories, including web browsers, virtualization, enterprise applications and cars. More than $1.3 million and a Tesla Model 3 car are at stake over the two days of competition.