summed up the results of the three days of the competition of the PWN2own 2022 competition, annually held within the framework Cansecwest conferences. Of the 25 intended goals, operating techniques of previously unknown vulnerabilities were demonstrated for Ubuntu Desktop, VirtualBox, Safari, Windows 11, Microsoft Teams and Firefox. In all cases, the latest versions of programs were tested, including all available updates. The total amount of payments amounted to 1.155,000 US dollars.
The competition showed five successful attempts to operate previously unknown vulnerabilities in Ubuntu Desktop, undertaken by different teams of the participants (in which components the problem has not yet been reported, 90 days are given to open errors) :
- 40 thousand dollars for demonstrating a local increase in privileges in Ubuntu Desktop through the operation of vulnerabilities associated with the overwhelming of the buffer and the double release of memory.
- 40 thousand dollars for the operation of a vulnerability associated with the appeal to memory after its release (USE-After-Free) in Ubuntu Desktop.
- 40 thousand dollars for raising privileges in Ubuntu Desktop, using an error leading to a memory of memory after its release (use-autr-free).
- 40 thousand dollars for raising privileges in Ubuntu Desktop, using an error leading to a memory of memory after its release (use-autr-free).
- 40 thousand dollars for raising privileges in Ubuntu Desktop, using an error leading to a memory of memory after its release (use-autr-free).
Other successful attacks:
- 100 thousand dollars for developing an exploit for Firefox, allowed to get around the Sandbox insulation and execute the code in the system.
- 40 thousand dollars for demonstrating an exploit using the overflow of the buffer in Oracle Virtualbox to exit the guest system.
- 50 thousand dollars for the operation of Apple Safari.
- 450 thousand dollars for hacking Microsoft Teams (different teams demonstrated three hacks with a reward of 150 thousand for each).
- 80 thousand dollars (two bonuses of 40 thousand) for the operation of buffer overflow and increase their privileges in Microsoft Windows 11.
- 80 thousand dollars (two bonuses of 40 thousand) for increasing their privileges in Microsoft Windows 11 through the operation of error in the access check code.
- 40 thousand dollars for the operation of integer overflow to increase their privileges in Microsoft Windows 11.
- 40 thousand dollars for the exploitation of vulnerability associated with the appeal to memory after its release (USE-AFTER-FREE) in Microsoft Windows 11.
- 75 thousand dollars for demonstrating an attack on the Telsa Model information and entertainment system. Excliance used errors leading to the overflow of the buffer and double the release of memory, together with the previously known technique of bypassing Sandbox insulation.
.