Security News > 2024 > May > VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
Theori security researchers Gwangun Jung and Junoh Lee also went home with $130,000 in cash for escaping a VMware Workstation VM to gain code execution as SYSTEM on the host Windows OS using an exploit chain targeting three vulnerabilities: an uninitialized variable bug, a UAF weakness, and a heap-based buffer overflow.
Google and Mozilla also fixed several zero-days exploited at Pwn2Own Vancouver 2024 within days after the contest ended, with Mozilla releasing patches one day later and Google after just five days.
Google fixes Chrome zero-days exploited at Pwn2Own 2024.
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own.
Google Chrome emergency update fixes 6th zero-day exploited in 2024.
News URL
Related news
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland (source)
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- QNAP patches second zero-day exploited at Pwn2Own to get root (source)
- Synology hurries out patches for zero-days exploited at Pwn2Own (source)