Security News > 2024 > May > VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
Theori security researchers Gwangun Jung and Junoh Lee also went home with $130,000 in cash for escaping a VMware Workstation VM to gain code execution as SYSTEM on the host Windows OS using an exploit chain targeting three vulnerabilities: an uninitialized variable bug, a UAF weakness, and a heap-based buffer overflow.
Google and Mozilla also fixed several zero-days exploited at Pwn2Own Vancouver 2024 within days after the contest ended, with Mozilla releasing patches one day later and Google after just five days.
Google fixes Chrome zero-days exploited at Pwn2Own 2024.
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.