Pwn2Own Vancouver 2024 kicked off with participants demonstrating 19 zero-day vulnerabilities in Windows 11, Tesla cars, and Ubuntu. The researchers were awarded a total of $732,500 and a Tesla Model 3 for their discoveries.
The event was opened by Abdul Aziz Hariri from Haboob SA, who exploited Adobe Reader to execute code on macOS, earning $50,000. Synacktiv claimed victory by hacking the Tesla electronic control unit in under 30 seconds using an integer overflow, winning $200,000 and a Tesla Model 3.
Theori researchers earned $130,000 by escaping a VMware Workstation virtual machine and compromising the Windows system on the host using a chain of vulnerabilities. Reverse Tactics researchers received $90,000 for leveraging vulnerabilities in Oracle VirtualBox and Windows to escalate privileges to SYSTEM level.
The first day concluded with Manfred Paul hacking Apple Safari, Google Chrome, and Microsoft Edge using three zero-day vulnerabilities, earning $102,500. In addition, the DEVCORE Research Team escalated privileges to SYSTEM level on a fully updated Windows 11 system, earning $30,000.
Manufacturers have 90 days to fix the vulnerabilities demonstrated at Pwn2Own and release security patches before the details are disclosed. The competition features attacks on current products across various categories such as web browsers, virtualization, corporate applications, and cars, with over $1.3 million and a Tesla Model 3 at stake over two days.