Security News > 2022 > December > Hackers earn $989,750 for 63 zero-days exploited at Pwn2Own Toronto

Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits targeting consumer products between December 6th and December 9th. During this hacking competition, 26 teams and security researchers have targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration.
The STAR Labs team was the first to exploit a zero-day in Samsung's flagship device by executing an improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.
Security researchers with Interrupt Labs and Pentest Limited also hacked the Galaxy S22 on the second and third days of the competition, with Pentest Limited demonstrating their zero-day exploit in just 55 seconds.
The Pwn2Own Toronto 2022 wrapped up today, on the fourth day of the competition, with contestants earning $989,750 for 63 zero-day exploits across multiple categories.
Throughout the contest, hackers have successfully demoed exploits targeting zero-day bugs in devices from multiple vendors, including Canon, HP, Mikrotik, NETGEAR, Sonos, TP-Link, Lexmark, Synology, Ubiquiti, Western Digital, Mikrotik, and HP. You can find the complete schedule of the competition here and the program and results for each day of Pwn2Own Toronto 2022 here.
After the zero-day vulnerabilities exploited during the Pwn2Own event are reported, vendors are given 120 days to release patches before ZDI publicly discloses them.
News URL
Related news
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Türkiye Hackers Exploited Output Messenger Zero-Day to Drop Golang Backdoors on Kurdish Servers (source)
- Firefox Patches 2 Zero-Days Exploited at Pwn2Own Berlin with $100K in Rewards (source)
- Chinese hackers breach US local governments using Cityworks zero-day (source)