No matter how safe we think our computer is, and no matter how many security measures we implement, we will always be in danger. The world has true masters of computer security who, for better (or for worse, in the case of hackers), always look for, and find, a way to break the security measures of computer systems. And if you have ever been interested in computer security and hacking, there is one annual competition that will surely sound familiar: Pwn2Own.
As it does every year around this time, Pwn2Own is taking place. It is an annual hacking competition organized by the security firm Trend Micro, in which teams of hackers and security experts from around the world are invited to try to hack different devices, web browsers, operating systems and smartphones. In this competition, teams have a limited time to find and exploit vulnerabilities in their targets. If they manage to do so, they receive a cash prize and recognition as experts in computer security.
The competition takes place in a controlled and secure environment, so that neither the vulnerabilities nor the exploits can leak onto the network, fall into the hands of malicious users and endanger users' security. Pwn2Own aims to demonstrate the importance of computer security and to encourage vulnerability research for defensive purposes. It also helps manufacturers and developers improve the security of their products, since the vulnerabilities discovered during the competition are reported and corrected.
Zero Day Initiative
@thezdi
That wraps up the first day of #P2OVancouver 2023! We awarded $375,000 (and a Tesla Model 3!) for 12 zero-days during the first day of the contest. Stay tuned for day two of the contest tomorrow! #Pwn2Own https://t.co/UTvzqxmi8E
March 23, 2023 • 00:49
First day of Pwn2Own 2023
This competition takes place between the 22nd and 24th of March this year, and on the first day the biggest names have already fallen. The first to fall was Adobe Reader, Adobe's PDF reader, in which an exploit makes it possible to escape from its sandbox and jeopardize the complete security of any macOS system. macOS itself, the "supposedly invulnerable" system, has also been shown to have serious security flaws, with a zero-day vulnerability valued at $40,000.
Zero Day Initiative
@thezdi
Success! @Synacktiv used a TOCTOU bug to escalate privileges on Apple macOS. They earn $40,000 and 4 Master of Pwn points. #Pwn2Own #P2OVancouver https://t.co/IS5AFBn3Lm
March 23, 2023 • 00:17
Later, the hackers managed to break the security of Microsoft SharePoint, obtaining a reward of $100,000 for this flaw. Ubuntu has also fallen: a group of hackers managed to hack the system using a known exploit that took advantage of a supposedly fixed vulnerability. And Windows 11, of course, has also proven insecure, allowing hackers to gain SYSTEM, the highest privilege level.
Zero Day Initiative
@thezdi
Success! Marcin Wiązowski used an improper input validation bug to elevate privileges on Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OVancouver https://t.co/aoq12AaGfn
March 23, 2023 • 00:31
Last but not least, serious flaws have also been found in the Tesla Model 3: a group managed to hack the car's system, earning $100,000 for that vulnerability.
Two more days full of excitement
The first day ended with Windows, macOS, Ubuntu, Microsoft SharePoint, Adobe Reader, VirtualBox and Tesla exposed, and with a total reward of $375,000. But Pwn2Own 2023 is not over yet. Tomorrow and the day after tomorrow, these hackers will try to find new vulnerabilities in Microsoft Teams, VirtualBox, Windows 11, Ubuntu and, again, in the Infotainment Unconfined Root of the Tesla Model 3. There is $1,080,000 at stake, in addition to the chance to win a Tesla Model 3.
What will be the next system to fail? We will know soon.