Security News

Pwn2Own Toronto 2022 has ended with competitors earning $989,750 for 63 zero-day exploits targeting consumer products between December 6th and December 9th. During this hacking competition, 26 teams and security researchers have targeted devices in the mobile phones, home automation hubs, printers, wireless routers, network-attached storage, and smart speakers categories, all up-to-date and in their default configuration. The STAR Labs team was the first to exploit a zero-day in Samsung's flagship device by executing an improper input validation attack on their third attempt, earning $50,000 and 5 Master of Pwn points.

On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. This earned them $25,000, 50% of the total cash award, as this was the fourth time the Galaxy S22 was hacked during the Pwn2Own Toronto 2022 contest.

Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada. They executed an improper input validation attack and earned $25,000, 50% of the total cash award, because this was the third time the Galaxy S22 was hacked during the competition.

Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. [...]

Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.

On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits. All other contestants hacked their targets, earning $160,000 after taking down Windows 11 three times and Ubuntu Desktop once.

Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast. We do know that Mozilla will be rushing to fix this one as soon as they get the details out of the Pwn2Own competition.

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system. A third elevation of privileges zero-day caused by an improper access control bug in Windows 11 was demoed on the second day by T0, with namnp failing to demonstrate a second Windows 11 privilege escalation zero-day within the time allotted.

During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

The rules of Pwn2Own are somewhat strange, given that some entrants may end up not actually competing at all. The Tesla hackers, plus the browser and virtualisation entrants, will all definitely get a turn, because they're the only competitors in their categories.