Security News > 2023 > March > Hackers earn $1,035,000 for 27 zero-days exploited at Pwn2Own Vancouver

Pwn2Own Vancouver 2023 has ended with contestants earning $1,035,000 and a Tesla Model 3 car for 27 zero-day exploited between March 22 and 24.

The total prize pool for Pwn2Own Vancouver 2023 was over $1,000,000 in cash and a Tesla Model 3, which Team Synacktiv won.

The hackers successfully escalated privileges and gained code execution on fully patched systems after hacking Windows 11, Microsoft Teams, Microsoft SharePoint, macOS, Ubuntu Desktop, VMware Workstation, Oracle VirtualBox, and, of course, the Tesla Model 3.

After the zero-day vulnerabilities are exploited and reported during Pwn2Own, vendors are given 90 days to release security fixes before TrendMicro's Zero Day Initiative publicly discloses them.

On the first day of Pwn2Own Vancouver, Synacktiv's hackers were awarded $100,000 and a Tesla Model 3 after executing a TOCTOU attack against the Tesla - Gateway in the Automotive category.

At last year's Pwn2Own Vancouver hacking competition, in May 2022, researchers earned $1,155,000 and a car after hacking the Tesla Model 3 Infotainment System and taking down Windows 11, Ubuntu Desktop, Microsoft Teams, and more using multiple zero-day bugs and exploit chains.

News URL

https://www.bleepingcomputer.com/news/security/hackers-earn-1-035-000-for-27-zero-days-exploited-at-pwn2own-vancouver/