March 24, 2023

Ferrum College : Iron Blade Online

Complete Canadian News World

Microsoft Teams, VirtualBox, and Tesla have all been exploited in Pwn2Own

Len Houle March 24, 2023 2 min read

During Day 2 of Pwn2Own Vancouver 2023, competitors were awarded $475,000 after successfully exploiting 10 zero-days across multiple products.

The hacked targets included the Tesla Model 3, Microsoft’s Teams communications platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system.

The highlight of day two was a successful attempt from Synacktiv’s David Berard (@_p0ly_) and Vincent Dehors (@employee) against the Tesla, achieving unconfined root on the infotainment system.

This earned them $250,000 and a Tesla Model 3 after hacking the car via a stack overflow and an OOB write exploit chain.

Thomas Imbert of Synacktiv (@employee) and Thomas Bouzerar (@employee) also successfully exploited a chain of three privilege escalation bugs on an Oracle VirtualBox host to earn $80,000.

In a third attempt from Synacktiv, Tanguy Dubroca (@employee) was awarded $30,000 for demonstrating an incorrect pointer scaling zero-day resulting in privilege escalation on Ubuntu Desktop.

Zero Day Tesla infotainment demo from Synacktiv (ZDI)

Team Viettel (@employee) also hacked Microsoft Teams via a two-bug chain to earn $78,000 and Oracle’s VirtualBox with a use-after-free (UAF) bug and an uninitialized variable for $40,000.

On Day 1, Pwn2Own competitors were awarded $375,000 and a Tesla Model 3 car after successfully demonstrating 12 zero-days in Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox, and macOS.

On the final day of the competition, security researchers will attempt zero-day exploits in Ubuntu Desktop, Microsoft Teams, Windows 11, and VMware Workstation.

Pwn2Own Vancouver 2023 contestants can win $1,080,000 in cash and two Tesla Model 3 cars between March 22nd and March 24th.

Researchers will target products from multiple categories during the competition, including Enterprise Applications, Enterprise Communications, Servers, Virtualization, Automotive, and Local Escalation of Privilege (EoP).

“This year’s event promises some exciting research as we have 19 entries targeting nine different targets – including two Tesla attempts,” ZDI said.

“For this year’s event, each round will pay full price, which means if all exploits are successful, we will award over $1,000,000 USD.”

Vendors have 90 days to patch zero-day vulnerabilities demonstrated and disclosed at Pwn2Own before Trend Micro’s Zero Day Initiative releases technical details publicly.

At Pwn2Own Vancouver 2022, security researchers earned $1,155,000 after hacking the Tesla Model 3 infotainment system, hacking Windows 11 six times, demonstrating three Microsoft Teams zero-days, and exploiting Ubuntu Desktop four times.
