The contestants who successfully exploited 16 zero-day bugs in 16 different products on the first day of Pwn2Own Vancouver 2022 won more than $800,000 in prize money.
The products include:
- Microsoft Windows 11 (OS)
- Microsoft Teams (communication platform)
First Day: Microsoft Teams and Windows 11 Hacked
In the enterprise communications category, Microsoft Teams was the first victim, through an improper configuration flaw exploited by Hector Peralta.
The members of the STAR Labs team, Billy Jheng Bing-Jhong, Muhammad Alifa Ramdhan, and Nguyễn Hoàng Thạch, demonstrated a zero-click exploit chain that contains 2 bugs, listed below:
- Injection
- Arbitrary file write
Microsoft Teams was compromised a third time by Masato Kinugawa, and this time he exploited three bugs (injection, misconfiguration, and sandbox escape) to hack the system.
For the successful demonstration of their Microsoft Teams zero-day vulnerabilities, the three hackers received a share of $150,000 and 15 Master of Pwn points.
In addition, STAR Labs earned a further $40,000 by using a Use-After-Free vulnerability to escalate privileges on a Windows 11 operating system.
By achieving privilege escalation on Oracle VirtualBox, the team again added a further $40,000 reward.
To hack the Mozilla Firefox web browser, Manfred Paul (@_manfp) successfully demonstrated the exploitation of two bugs:
- Prototype pollution
- Improper input validation
By exploiting these two bugs in the Mozilla Firefox web browser, he earned $100,000 and 10 Master of Pwn points.
Apart from the Mozilla Firefox browser, Manfred Paul also successfully demonstrated the exploitation of a bug in Apple Safari, and by compromising the Apple Safari web browser he earned a hefty reward of $150,000.
Below is the bug that was exploited in Apple Safari:
During a test run of Microsoft Windows 11 on a workstation, Marcin Wiązowski exploited an out-of-bounds write privilege escalation vulnerability.
This earned him a tidy sum of $40,000 and 4 Master of Pwn points for his efforts, together with a high rating from the Microsoft team for writing the accompanying whitepaper.
Two bugs were exploited on the Ubuntu desktop by Team Orca of Sea Security. The two bugs, which earned the team $40,000 along with 4 Master of Pwn points, are listed below:
- An Out-of-Bounds Write (OOBW)
- Use-After-Free (UAF)
The first day of the contest is over, which means the next updates will be up soon, and we'll keep you updated on all the upcoming events of the competition.