Security researchers participating in the PWN2OWN Vancouver 2023 competition successfully demonstrated exploitative zero-day attacks on various platforms. The competition offers a grand prize of $375,000 and a Tesla Model 3 to the winner. Adobe Reader was the first to be hacked in the Corporate Application category using an exploit chain that overcame the MacOS sandbox and bypassed the list of prohibited APIs. Abdul Aziz Hariri from Haboob Sa won a reward of $50,000 for the hack.
Star Labs team attacked the Microsoft SharePoint joint platform using a zero-day exploit chain and received $100,000. They also hacked Ubuntu Desktop and received a prize of $15,000. Specialists from Synacktiv won $100,000 and a Tesla Model 3 after using the vulnerability of zero TOCTOU to increase privileges on Apple MacOS. Additionally, they succeeded in attacking Tesla Gateway. Researcher Ben Fam from Qrious Security hacked Oracle Virtualbox and received a prize of $40,000.
Privileges were elevated in Windows 11 by Marcin Vizovski using an incorrect input check, for which he received a reward of $30,000. The competition, which focuses on products in the categories of corporate applications, corporate communications, local raising privileges (EOP), servers, virtualization, and cars, is ongoing. On the second day, the contest will focus on zero-day exploits aimed at Microsoft Teams, Oracle VirtualBox, Tesla Model 3 Unconfined Root, and Ubuntu Desktop. The final day will see attempts to hack Windows 11, Microsoft Teams, and VMware Workstation.
During the PWN2WAN Vancouver 2023 competition, participants can earn up to $1,080,000 and a Tesla Model 3. The highest reward for hacking Tesla is now $150,000 plus the car itself. Upon demonstrating and disclosing zero-day vulnerabilities during PWN2OWN, suppliers are given 90 days to release security corrections for all discovered deficiencies before the Trend Micro Day Initiative initiative publicly publishes them.