Security News > 2023 > March > Microsoft Teams, Virtualbox, Tesla zero-days exploited at Pwn2Own

Competitors successfully exploited zero-day bugs in multiple products during the second day of Pwn2Own Vancouver 2023, including the Tesla Model 3, Microsoft's Teams communication platform, the Oracle VirtualBox virtualization platform, and the Ubuntu Desktop operating system.
Team Viettel hacked also Microsoft Teams via a 2-bug chain to earn $78,000 and Oracle's VirtualBox using a Use-After-Free bug and an uninitialized variable for $40,000.
On the first day, Pwn2Own competitors were awarded $375,000 and a Tesla Model 3 after successfully demoing 12 zero-days in the Tesla Model 3, Windows 11, Microsoft SharePoint, Oracle VirtualBox, and macOS. On the last day of the contest, security researchers will attempt to exploit zero-day bugs in Ubuntu Desktop, Microsoft Teams, Windows 11, and VMware Workstation.
Pwn2Own Vancouver 2023 contestants can earn $1,080,000 in cash and two Tesla Model 3 cars between March 22 and March 24.
Vendors have to patch zero-day vulnerabilities demoed and disclosed during Pwn2Own within 90 days before Trend Micro's Zero Day Initiative publicly publishes technical details.
At Pwn2Own Vancouver 2022, security researchers earned $1,155,000 after hacking the Tesla Model 3 Infotainment System, taking down Windows 11 six times, demonstrating three Microsoft Teams zero-days, and exploiting Ubuntu Desktop four times.
News URL
Related news
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- If you dread a Microsoft Teams invite, just wait until it turns out to be a Russian phish (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)