Hacks at Pwn2Own Vancouver 2023

2023-03-27 11:03

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3.

The first to fall was Adobe Reader in the enterprise applications category after Haboob SA's Abdul Aziz Hariri used an exploit chain targeting a 6-bug logic chain abusing multiple failed patches which escaped the sandbox and bypassed a banned API list on macOS to earn $50,000.

The STAR Labs team demoed a zero-day exploit chain targeting Microsoft's SharePoint team collaboration platform that brought them a $100,000 reward and successfully hacked Ubuntu Desktop with a previously known exploit for $15,000.

Synacktiv took home $100,000 and a Tesla Model 3 after successfully executing a TOCTOU attack against the Tesla-Gateway in the Automotive category.

They also used a TOCTOU zero-day vulnerability to escalate privileges on Apple macOS and earned $40,000.

Oracle VirtualBox was hacked using an OOB Read and a stacked-based buffer overflow exploit chain by Qrious Security's Bien Pham.

News URL

https://www.schneier.com/blog/archives/2023/03/hacks-at-pwn2own-vancouver-2023.html

#hack #pwn2own