Security News > 2023 > March > Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver
Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day exploited between March 22 and 24.
The total prize pool for Pwn2Own Vancouver 2023 was over $1,000,000 in cash and a Tesla Model 3, which Team Synacktiv won.
The hackers successfully escalated privileges and gained code execution on fully patched systems after hacking Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and, of course, the Tesla Model 3.
After the zero-day vulnerabilities are exploited and reported during Pwn2Own, vendors are given 90 days to release security fixes before TrendMicro's Zero Day Initiative publicly discloses them.
On the first day of Pwn2Own Vancouver, Synacktiv's hackers were awarded $100,000 and a Tesla Model 3 after executing a TOCTOU attack against the Tesla - Gateway in the Automotive category.
At last year's Pwn2Own Vancouver hacking competition, in May 2022, researchers earned $1,155,000 and a car after hacking the Tesla Model 3 Infotainment System and taking down Windows 11, Ubuntu Desktop, Microsoft Teams, and more using multiple zero-day bugs and exploit chains.
News URL
Related news
- Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- MITRE says state hackers breached its network via Ivanti zero-days (source)
- ArcaneDoor hackers exploit Cisco zero-days to breach govt networks (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)
- State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage (source)