This year’s first edition of Pwn2Own at Vancouver has ended in a great way – with the participants taking over a million dollars home by hitting popular services.
Researchers on the last day managed to hit a fully patched Windows 11, VMWare Workstation, and Ubuntu Desktop OS thrice – winning $185,000 combined. The overall winner of this event is Synacktiv, who earned $530,000 and a Tesla Model 3 car for their exploits.
Winning a Million Dollars For Exploits
Pwn2Own, the event where security geeks from various backgrounds come to demonstrate their exploitative skills of popular services – has this year won over $1 million throughout the event. From automotive to enterprise applications and communications to servers and virtualization software, participants were awarded bounties for 27 zero-day exploits demoed during the event.
During the first day, the contestants earned $375,000 and a Tesla Model 3 by demoing 12 zero-days in the Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox and the MacOS. And the following day, they surfaced 10 zero-days on Windows 11, Tesla, Ubuntu, macOS and others, to win $475,000.
And on the last day, the contestants demonstrated 5 zero-day exploits on Windows 11, Ubuntu Desktop and the VMware Workstation virtualization software – winning $185,000. What’s more interesting is the Ubuntu Desktop was hacked thrice on that day, by three different teams, although one of them was a collision with the previously known exploit.
That’s a wrap for #P2OVancouver! Contestants disclosed 27 unique 0-days and won a combined $1,035,000 (and a car)! Congratulations to the Masters of Pwn, @Synacktiv, for their huge success and hard work! They earned 53 points, $530,000, and a Tesla Model 3. #Pwn2Own pic.twitter.com/xtd0cdjGC3
— Zero Day Initiative (@thezdi) March 24, 2023
And for Windows 11, it’s intriguing to watch the contestants hacking it even after being fully patched! Thomas Imbert from Synacktiv, the one who hacked Windows 11 has earned $30,000 for his Use-After-Free (UAF) bug. Also, the Synacktiv team stood as the overall winner by earning $530,000 and a Tesla Model 3 car for their exploits.
The concerned OEMs have 90 days to patch the reported bugs – before Trend Micro’s Zero Day Initiative publicly releases technical details to let anyone exploit them later on.
Other Trending News:- News
