Security News > 2021 > April > Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
2021-04-12 23:22

The 2021 spring edition of Pwn2Own hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade.

A zero-click exploit targeting Zoom that employed a three-bug chain to exploit the messenger app and gain code execution on the target system.

Leveraging use-after-free, race condition, and integer overflow bugs in Windows 10 to escalate from a regular user to SYSTEM privileges.

The Zoom vulnerabilities exploited by Daan Keuper and Thijs Alkemade of Computest Security are particularly noteworthy because the flaws require no interaction of the victim other than being a participant on a Zoom call.

"On April 9, we released a server-side update that defends against the attack demonstrated at Pwn2Own on Zoom Chat," a spokesperson for the company told The Hacker News.

Independent researcher Alisa Esage also made history as the first woman to win Pwn2Own after finding a bug in virtualization software Parallels.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/TuK9jskRo3A/windows-ubuntu-zoom-safari-ms-exchange.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zoom 55 4 67 57 9 137
Ubuntu 14 13 39 18 19 89