Security News

On the third day of Pwn2Own, contestants hacked the Samsung Galaxy S22 a fourth time since the start of the competition, and this time they did it in just 55 seconds. This earned them $25,000, 50% of the total cash award, as this was the fourth time the Galaxy S22 was hacked during the Pwn2Own Toronto 2022 contest.

Contestants hacked the Samsung Galaxy S22 again during the second day of the consumer-focused Pwn2Own 2022 competition in Toronto, Canada. They executed an improper input validation attack and earned $25,000, 50% of the total cash award, because this was the third time the Galaxy S22 was hacked during the competition.

Contestants have hacked the Samsung Galaxy S22 smartphone twice during the first day of the Pwn2Own Toronto 2022 hacking competition, the 10th edition of the consumer-focused event. [...]

Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird.

On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits. All other contestants hacked their targets, earning $160,000 after taking down Windows 11 three times and Ubuntu Desktop once.

Just a short note to let you know that we were wrong about Firefox and Pwn2Own in our latest podcast. We do know that Mozilla will be rushing to fix this one as soon as they get the details out of the Pwn2Own competition.

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system. A third elevation of privileges zero-day caused by an improper access control bug in Windows 11 was demoed on the second day by T0, with namnp failing to demonstrate a second Windows 11 privilege escalation zero-day within the time allotted.

During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. The first to fall was Microsoft Teams in the enterprise communications category after Hector Peralta exploited an improper configuration flaw.

The rules of Pwn2Own are somewhat strange, given that some entrants may end up not actually competing at all. The Tesla hackers, plus the browser and virtualisation entrants, will all definitely get a turn, because they're the only competitors in their categories.

Late last week, our Slackware Linux distro announced an update to follow the scheduled-and-expected Firefox 100 release, which came out at the start of the month. The blog article, entitled Improved Process Isolation in Firefox 100, actually came out the day before the 100.0.1 release was uploaded to the FTP server, as though the changes were already accomplished in the 100.0 release.