Pwn2Own Vancouver 2022 contestants demonstrated three zero-day exploits on the second day of the competitors: a hack of Home windows 11, a hack of the infotainment system of the Tesla Mannequin 3, and exploits for 2 bugs in Ubuntu Desktop.
On the infotainment system of a Telsa Mannequin 3 utilizing collision on a identified sandbox escape, David BERARD and Vincent DEHORS from @Synacktiv demonstrated two distinctive bugs (Double-Free & OOBW) on the primary try of the day.
Though they didn’t win the automobile outright, they earned $75,000 and have 7.5 masters of pwn factors, in order that they made sufficient to take the automobile house with them.
Whereas namnp had one other try at executing their exploit of Microsoft Home windows 11 on day 2, nonetheless, they have been unable to perform it inside the allotted time-frame.
It wasn’t exhausting for Bien Pham (@bienpnn) to raise privileges below Ubuntu Desktop by way of an exploit he obtained by means of a Use After Free bug, incomes him $40,000 and 4 Grasp of Pwn factors for his efforts.
In immediately’s second try, Jedar_LZ was unable to finish the duty inside the timeframe that he was allowed. The excellent news is that @thedzi acquired the data on the exploit from Tesla and is now sharing it with the corporate.
In his first demonstration on Microsoft Home windows 11, T0 engineered an improper entry management bug that enabled him to achieve elevated privileges. By doing so, he earned $40,000.00 and 4 Grasp of Pwn factors for his feat.
Workforce TUTELARY from Northwestern College has efficiently exhibited a Use After Free bug resulting in the elevation of privilege on Ubuntu Desktop on the finish of Day 2.
Whereas the TUTELARY crew included Zhenpeng Lin (@Markak_), Yueqi Chen (@Lewis_Chen_), and Xinyu Xing (@xingxinyu). Having achieved this, the crew earned 4 Grasp of Pwn factors and a complete of $40,000.
You’ll be able to comply with us on Linkedin, Twitter, Fb for day by day Cybersecurity and hacking information updates.